Commit graph

38 commits

Author SHA1 Message Date
George McCollister
f1ca1fdebf mkimage: Add support for signing with pkcs11
Add support for signing with the pkcs11 engine. This allows FIT images
to be signed with keys securely stored on a smartcard, hardware security
module, etc without exposing the keys.

Support for other engines can be added in the future by modifying
rsa_engine_get_pub_key() and rsa_engine_get_priv_key() to construct
correct key_id strings.

Signed-off-by: George McCollister <george.mccollister@gmail.com>
2017-01-14 16:47:13 -05:00
Tomeu Vizoso
0f7c6cdc81 mkimage: Allow including a ramdisk in FIT auto mode
Adds -i option that allows specifying a ramdisk file to be added to the
FIT image when we are using the automatic FIT mode (no ITS file).

This makes adding Depthcharge support to LAVA much more convenient, as
no additional configuration files need to be kept around in the machine
that dispatches jobs to the boards.

Signed-off-by: Tomeu Vizoso <tomeu.vizoso@collabora.com>
Cc: Simon Glass <sjg@chromium.org>
Cc: Matt Hart <matthew.hart@linaro.org>
Cc: Neil Williams <codehelp@debian.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
2016-11-06 07:33:42 -05:00
Simon Glass
655cc69655 tools: Add an error code when fit_handle_file() fails
The error code may provide useful information for debugging. Add it to the
error string.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Teddy Reed <teddy.reed@gmail.com>
2016-07-14 18:22:36 -04:00
Simon Glass
3a45f38d41 image: Correct auto-fit architecture property name
The fit_write_images() function incorrectly uses the long name for the
architecture. This cannot be parsed with the FIT is read. Fix this by using
the short name instead.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
2016-07-14 18:22:28 -04:00
Vagrant Cascadian
5847084f6b Respect SOURCE_DATE_EPOCH when building FIT images.
Embedding timestamps in FIT images results in unreproducible builds
for targets that generate a fit image, such as dra7xx_evm.

This patch uses the SOURCE_DATE_EPOCH environment variable, when set,
to use specified value for the date.

Thanks to HW42 for debugging the issue and providing the patch:

  https://lists.alioth.debian.org/pipermail/reproducible-builds/Week-of-Mon-20160606/005722.html

For more information about reproducible builds and the
SOURCE_DATE_EPOCH specification:

  https://reproducible-builds.org/specs/source-date-epoch/
  https://reproducible-builds.org/

Signed-off-by: Vagrant Cascadian <vagrant@debian.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
2016-06-24 17:23:10 -04:00
Teddy Reed
f8f9107d97 mkimage: fit: spl: Add an optional static offset for external data
When building a FIT with external data (-E), U-Boot proper may require
absolute positioning for executing the external firmware. To acheive this
use the (-p) switch, which will replace the amended 'data-offset' with
'data-position' indicating the absolute position of external data.

It is considered an error if the requested absolute position overlaps with the
initial data required for the compact FIT.

Signed-off-by: Teddy Reed <teddy.reed@gmail.com>
2016-06-24 17:23:06 -04:00
Simon Glass
4c1dc1a90f fit_image: Fix a double close() on the error path
There is an extra close() call which is not needed.

Reported-by: Coverity (CID: 143065)
Signed-off-by: Simon Glass <sjg@chromium.org>
2016-05-02 18:37:10 -04:00
Simon Glass
5b15a2596f mkimage: Don't close the file if it wasn't opened
The error path for fit_import_data() is incorrect if the second open() call
fails.

Reported-by: Coverity (CID: 138489)
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
2016-03-22 12:16:28 -04:00
Simon Glass
3bd3a54ac5 mkimage: Ensure file is closed in fdt_property_file()
The file that is opened is not closed in all cases. Fix it.

Reported-by: Coverity (CID: 138490)
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
2016-03-22 12:16:27 -04:00
Simon Glass
7b0bbd886d mkimage: Fix missing free() and close() in fit_build()
Make sure that both the error path and normal return free the buffer and
close the file.

Reported-by: Coverity (CID: 138491)
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
2016-03-22 12:16:27 -04:00
Simon Glass
21c2975a94 mkimage: Fix missing free() in fit_extract_data()
The 'buf' variable is not freed. Fix it.

Reported-by: Coverity (CID: 138492)
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
2016-03-22 12:16:21 -04:00
Simon Glass
b97d71e26a mkimage: Fix error path in fit_extract_data()
The 'fdt' variable is not unmapped in all error cases. Fix this.

Reported-by: Coverity (CID: 138493)

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
2016-03-22 12:16:20 -04:00
Simon Glass
6e0ffce6cb mkimage: Add a missing free() to fit_import_data()
The space allocated to fdt is not freed on error. Fix it.

Reported-by: Coverity (CID: 138494)

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
2016-03-22 12:16:20 -04:00
Simon Glass
f980ca3411 mkimage: Correct file being closed twice in fit_extract_data()
The code flows through to the end of the function, so we don't need another
close() before this. Remove it.

Reported-by: Coverity (CID: 138503)

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
2016-03-22 12:16:18 -04:00
Simon Glass
508b028a4c mkimage: Correct file being closed twice in fit_import_data()
The code flows through to the end of the function, so we don't need another
close() before this. Remove it.

Reported-by: Coverity (CID: 138504)

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
2016-03-22 12:16:17 -04:00
Simon Glass
9cff2d1e39 mkimage: Fix munmap() call when importing data
The munmap() call unmaps the wrong memory buffer. Fix it.

Reported-by: Coverity (CID: 138505)
Reported-by: Coverity (CID: 138495)
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
2016-03-22 12:16:17 -04:00
Simon Glass
529fd18866 mkimage: Bring data into the FIT before processing
Since we now support data outside the FIT image, bring it into the FIT image
first before we do any processing. This avoids adding new functionality to
the core FIT code for now.

Signed-off-by: Simon Glass <sjg@chromium.org>
2016-03-14 19:18:30 -04:00
Simon Glass
722ebc8f84 mkimage: Support placing data outside the FIT
One limitation of FIT is that all the data is 'inline' within it, using a
'data' property in each image node. This means that to find out what is in
the FIT it is necessary to scan the entire file. Once loaded it can be
scanned and then the images can be copied to the correct place in memory.

In SPL it can take a significant amount of time to copy images around in
memory. Also loading data that does not end up being used is wasteful. It
would be useful if the FIT were small, acting as a directory, with the
actual data stored elsewhere.

This allows SPL to load the entire FIT, without the images, then load the
images it wants later.

Add a -E option to mkimage to request that it output an 'external' FIT.

Signed-off-by: Simon Glass <sjg@chromium.org>
2016-03-14 19:18:29 -04:00
Simon Glass
fb4cce0f98 mkimage: Support adding device tree files to a FIT
To make the auto-FIT feature useful we need to be able to provide a list of
device tree files on the command line for mkimage to add into the FIT. Add
support for this feature.

So far there is no support for hashing or verified boot using this method.
For those cases, a .its file must still be provided.

Signed-off-by: Simon Glass <sjg@chromium.org>
2016-03-14 19:18:29 -04:00
Simon Glass
8e35bb07eb mkimage: Support automatic creating of a FIT without a .its
At present, when generating a FIT, mkimage requires a .its file containing
the structure of the FIT and referring to the images to be included.

Creating the .its file is a separate step that makes it harder to use FIT.
This is not required for creating legacy images.

Often the FIT is pretty standard, consisting of an OS image, some device
tree files and a single configuration. We can handle this case automatically
and avoid needing a .its file at all.

To start with, support automatically generate the FIT using a new '-f auto'
option. Initially this only supports adding a single image (e.g. a linux
kernel) and a single configuration.

Signed-off-by: Simon Glass <sjg@chromium.org>
2016-03-14 19:18:28 -04:00
Guilherme Maciel Ferreira
39931f966a dumpimage: fit: extract FIT images
The dumpimage is able to extract components contained in a FIT image:

  $ ./dumpimage -T flat_dt -i CONTAINER.ITB -p INDEX FILE

The CONTAINER.ITB is a regular FIT container file. The INDEX is the poisition
of the sub-image to be retrieved, and FILE is the file (path+name) to save the
extracted sub-image.

For example, given the following kernel.its to build a kernel.itb:

  /dts-v1/;
  / {
      ...
      images {
        kernel@1 {
          description = "Kernel 2.6.32-34";
          data = /incbin/("/boot/vmlinuz-2.6.32-34-generic");
          type = "kernel";
          arch = "ppc";
          os = "linux";
          compression = "gzip";
          load = <00000000>;
          entry = <00000000>;
          hash@1 {
            algo = "md5";
          };
        };
        ...
      };
      ...
    };

The dumpimage can extract the 'kernel@1' node through the following command:

  $ ./dumpimage -T flat_dt -i kernel.itb -p 0 kernel
  Extracted:
   Image 0 (kernel@1)
    Description:  Kernel 2.6.32-34
    Created:      Wed Oct 22 15:50:26 2014
    Type:         Kernel Image
    Compression:  gzip compressed
    Data Size:    4040128 Bytes = 3945.44 kB = 3.85 MB
    Architecture: PowerPC
    OS:           Linux
    Load Address: 0x00000000
    Entry Point:  0x00000000
    Hash algo:    md5
    Hash value:   22352ad39bdc03e2e50f9cc28c1c3652

Which results in the file 'kernel' being exactly the same as '/boot/vmlinuz-2.6.32-34-generic'.

Signed-off-by: Guilherme Maciel Ferreira <guilherme.maciel.ferreira@gmail.com>
2015-01-29 13:38:41 -05:00
Guilherme Maciel Ferreira
a93648d197 imagetool: replace image registration function by linker_lists feature
The registration was introduced in commit f86ed6a8d5

This commit also removes all registration functions, and the member "next"
from image_type_params struct

Signed-off-by: Guilherme Maciel Ferreira <guilherme.maciel.ferreira@gmail.com>
2015-01-29 13:38:41 -05:00
Simon Glass
a946811569 mkimage: Automatically make space in FDT when full
When adding hashes or signatures, the target FDT may be full. Detect this
and automatically try again after making 1KB of space.

Signed-off-by: Simon Glass <sjg@chromium.org>
2014-06-11 16:25:46 -04:00
Heiko Schocher
6bf4ca076f tools, fit: add fit_info host command
add fit_info command to the host tools. This command prints
the name, offset and the len from a property from a node in
a fit file. This info can be used to extract a properties
data with linux tools, for example "dd".

Signed-off-by: Heiko Schocher <hs@denx.de>
Acked-by: Simon Glass <sjg@chromium.org>
2014-03-21 16:39:37 -04:00
Guilherme Maciel Ferreira
f86ed6a8d5 tools: moved code common to all image tools to a separated module.
In order to avoid duplicating code and keep only one point of modification,
the functions, structs and defines useful for "dumpimage" were moved from
"mkimage" to a common module called "imagetool".

This modification also weakens the coupling between image types (FIT, IMX, MXS,
and so on) and image tools (mkimage and dumpimage). Any tool may initialize the
"imagetool" through register_image_tool() function, while the image types
register themselves within an image tool using the register_image_type()
function:

                                                      +---------------+
                                               +------|   fit_image   |
 +--------------+          +-----------+       |      +---------------+
 |    mkimage   |--------> |           | <-----+
 +--------------+          |           |              +---------------+
                           | imagetool | <------------|    imximage   |
 +--------------+          |           |              +---------------+
 |  dumpimage   |--------> |           | <-----+
 +--------------+          +-----------+       |      +---------------+
                                               +------| default_image |
                                                      +---------------+

          register_image_tool()           register_image_type()

Also, the struct "mkimage_params" was renamed to "image_tool_params" to make
clear its general purpose.

Signed-off-by: Guilherme Maciel Ferreira <guilherme.maciel.ferreira@gmail.com>
Signed-off-by: Simon Glass <sjg@chromium.org>
2013-12-13 09:15:32 -05:00
Masahiro Yamada
2f0877c7f4 FIT: delete unnecessary casts
Becuase fdt_check_header function takes (const void *)
type argument, the argument should be passed to it
without being casted to (char *).

Signed-off-by: Masahiro Yamada <yamada.m@jp.panasonic.com>
2013-09-20 10:30:54 -04:00
Wolfgang Denk
1a4596601f Add GPL-2.0+ SPDX-License-Identifier to source files
Signed-off-by: Wolfgang Denk <wd@denx.de>
[trini: Fixup common/cmd_io.c]
Signed-off-by: Tom Rini <trini@ti.com>
2013-07-24 09:44:38 -04:00
Simon Glass
399c744b22 mkimage: Add -r option to specify keys that must be verified
Normally, multiple public keys can be provided and U-Boot is not
required to use all of them for verification. This is because some
images may not be signed, or may be optionally signed.

But we still need a mechanism to determine when a key must be used.
This feature cannot be implemented in the FIT itself, since anyone
could change it to mark a key as optional. The requirement for
key verification must go in with the public keys, in a place that
is protected from modification.

Add a -r option which tells mkimage to mark all keys that it uses
for signing as 'required'.

If some keys are optional and some are required, run mkimage several
times (perhaps with different key directories if some keys are very
secret) using the -F flag to update an existing FIT.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Marek Vasut <marex@denx.de>
2013-06-26 10:18:56 -04:00
Simon Glass
4f61042701 mkimage: Add -c option to specify a comment for key signing
When signing an image, it is useful to add some details about which tool
or person is authorising the signing. Add a comment field which can take
care of miscellaneous requirements.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Marek Vasut <marex@denx.de>
2013-06-26 10:18:56 -04:00
Simon Glass
95d77b4479 mkimage: Add -F option to modify an existing .fit file
When signing images it is sometimes necessary to sign with different keys
at different times, or make the signer entirely separate from the FIT
creation to avoid needing the private keys to be publicly available in
the system.

Add a -F option so that key signing can be a separate step, and possibly
done multiple times as different keys are avaiable.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Marek Vasut <marex@denx.de>
2013-06-26 10:18:56 -04:00
Simon Glass
e29495d37f mkimage: Add -K to write public keys to an FDT blob
FIT image verification requires public keys. Add a convenient option to
mkimage to write the public keys to an FDT blob when it uses then for
signing an image. This allows us to use:

   mkimage -f test.its -K dest.dtb -k keys test.fit

and have the signatures written to test.fit and the corresponding public
keys written to dest.dtb. Then dest.dtb can be used as the control FDT
for U-Boot (CONFIG_OF_CONTROL), thus providing U-Boot with access to the
public keys it needs.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Marek Vasut <marex@denx.de>
2013-06-26 10:18:56 -04:00
Simon Glass
80e4df8ac6 mkimage: Add -k option to specify key directory
Keys required for signing images will be in a specific directory. Add a
-k option to specify that directory.

Also update the mkimage man page with this information and a clearer list
of available commands.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Marek Vasut <marex@denx.de> (v1)
2013-06-26 10:18:56 -04:00
Simon Glass
56518e7104 image: Support signing of images
Add support for signing images using a new signature node. The process
is handled by fdt_add_verification_data() which now takes parameters to
provide the keys and related information.

Signed-off-by: Simon Glass <sjg@chromium.org>
2013-06-26 10:18:56 -04:00
Simon Glass
aa6d6db4d4 mkimage: Put FIT loading in function and tidy error handling
The fit_handle_file() function is quite long - split out the part that
loads and checks a FIT into its own function. We will use this
function for storing public keys into a destination FDT file.

The error handling is currently a bit repetitive - tidy it.

Signed-off-by: Simon Glass <sjg@chromium.org>
2013-05-14 15:37:25 -04:00
Simon Glass
bbb467dc3c image: Rename fit_add_hashes() to fit_add_verification_data()
We intend to add signatures to FITs also, so rename this function so that
it is not specific to hashing. Also rename fit_image_set_hashes() and
make it static since it is not used outside this file.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Marek Vasut <marex@denx.de>
2013-05-14 15:37:25 -04:00
Lars Rasmusson
ee7c0fc764 Correct comment to show the parameters as defined in tools/mkimage.h
Signed-off-by: Lars Rasmusson <Lars.Rasmusson@sics.se>
2012-12-11 06:46:43 -07:00
Peter Tyser
8e1c89663c tools/fit_image.c: Remove unused fit_set_header()
The FIT fit_set_header() function was copied from the standard uImage's
image_set_header() function during mkimage reorganization.  However, the
fit_set_header() function is not used since FIT images use a standard
device tree blob header.

Signed-off-by: Peter Tyser <ptyser@xes-inc.com>
2009-12-05 01:12:45 +01:00
Prafulla Wadaskar
89a4d6b12f tools: mkimage: split code into core, default and FIT image specific
This is a first step towards reorganizing the mkimage code to make it
easier to add support for additional images types. Current mkimage
code is specific to generating uImage and FIT image files, but the
same framework can be used to generate other image types like
Kirkwood boot images (kwbimage-TBD). For this, the mkimage code gets
reworked:

Here is the brief plan for the same:-
a) Split mkimage code into core and image specific support
b) Implement callback functions for image specific code
c) Move image type specific code to respective C files
       Currently there are two types of file generation/list
       supported (i.e uImage, FIT), the code is abstracted from
       mkimage.c/.h and put in default_image.c and fit_image.c;
       all code in these file is static except init function call
d) mkimage_register API is added to add new image type support
All above is addressed in this patch
e) Add kwbimage type support to this new framework (TBD)
This will be implemented in a following commit.

Signed-off-by: Prafulla Wadaskar <prafulla@marvell.com>
Edit commit message, fix coding style and typos.
Signed-off-by: Wolfgang Denk <wd@denx.de>
2009-09-10 22:58:48 +02:00