Commit graph

368 commits

Author SHA1 Message Date
Simon Glass
72188f5462 image: Use constants for 'required' and 'key-name-hint'
These are used in multiple places so update them to use a shared #define.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
2020-04-01 07:45:09 -06:00
Simon Glass
390b26dc27 image: Correct comment for fit_conf_get_node()
This should mention that conf_uname can be NULL and should be in the
header file. Fix this.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-04-01 07:45:09 -06:00
AKASHI Takahiro
a8fc3df8b9 include: image.h: add key info to image_sign_info
For FIT verification, all the properties of a public key come from
"control fdt" pointed to by fdt_blob. In UEFI secure boot, on the other
hand, a public key is located and retrieved from dedicated signature
database stored as UEFI variables.

Added two fields may hold values of a public key if fdt_blob is NULL, and
will be used in rsa_verify_with_pkey() to verify a signature in UEFI
sub-system.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
2020-03-12 08:20:39 -04:00
AKASHI Takahiro
b983cc2da0 lib: rsa: decouple rsa from FIT image verification
Introduce new configuration, CONFIG_RSA_VERIFY which will decouple building
RSA functions from FIT verification and allow for adding a RSA-based
signature verification for other file formats, in particular PE file
for UEFI secure boot.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
2020-03-12 08:20:38 -04:00
Eugeniu Rosca
d08b16edf8 image.h: isolate android_image_* functions from tooling
On Feb. 16, 2020, Tom reported [1] build failure of U-Boot in-tree
tooling after applying https://patchwork.ozlabs.org/cover/1229663/
("[v6,0/7] rsa: extend rsa_verify() for UEFI secure boot").

Later on, Heinrich stressed the urgency of the issue in
https://patchwork.ozlabs.org/patch/1250858/#2379069:

 >>>>>>>>>
 We should finalize the topic as it stops EFI patches from being merged
 >>>>>>>>>

On the surface, the problem is caused by U-Boot commits [2-3], which
employed 'u32' in 'include/image.h', while historically U-Boot tooling
stayed agnostic on the {u,s}{8,16,32} types.

Thanks to Tom, Yamada-san and Heinrich, the following solutions have
been put head-to-head ('+' pros, '-' cons):

 A. Use an equivalent fixed-size type, i.e. s/u32/uint32_t/ in both
    android function prototypes (image.h) and definitions (c file):
    + quick and low-line-count
    - creates a 'soup' of fixed-sized types in the Android C file
    - will confuse contributors
    - is going against Linux kernel best practices [4]

 B. Guard Android functions by '!defined(USE_HOSTCC)' in image.h:
    + quick and low-line-count
    + reflects the reality (no android function is used by tooling)
    + zero impact on other subsystems
    - ifdeffery may look annoying (pre-existing problem of image.h)

 C. Make {u8,u16,u32} available in U-Boot tooling:
    + quick and low-line-count
    + [Yamada-san][5]:
      * forbidding u32 for tools is questionable to me
      * Linux kernel and Barebox use {u8,u16,u32} for the tools space
    - breaks U-Boot tradition?
    - has larger impact than [A] and [B]
    - adds type complexity/inconsistency in the tooling space

 D. [Yamada-san] Refactor the headers to minimize the code shared
    between U-Boot space and tooling space:
    + probably the long-term solution
    - high effort
    - can be seen/done as an incremental update on top of [B]

Looking at the above, [B] looks like the natural way to go forward.

[1] https://patchwork.ozlabs.org/patch/1238245/#2363052
[2] commit 7f2531502c ("image: android: Add routine to get dtbo params")
[3] commit c3bfad825a ("image: android: Add functions for handling dtb field")
[4] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e6176fa4728fb6d
    ("checkpatch: add --strict warning for c99 fixed size typedefs : int<size>_t")
[5] https://patchwork.ozlabs.org/patch/1238245/#2363340

Cc: Masahiro Yamada <masahiroy@kernel.org>
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
Cc: Sam Protsenko <joe.skb7@gmail.com>
Cc: Lokesh Vutla <lokeshvutla@ti.com>
Cc: Simon Glass <sjg@chromium.org>
Cc: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reported-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Eugeniu Rosca <erosca@de.adit-jv.com>
Tested-by: Heinrich Schuchardt <xpyron.glpk@gmx.de>
2020-03-12 08:20:38 -04:00
Sam Protsenko
7f2531502c image: android: Add routine to get dtbo params
Android Boot Image v1 adds "Recovery DTB" field in image header and
associate payload in boot image itself [1]. Payload should be in
Android DTB/DTBO format [2]. That "Recovery DTB" area should be only
populated for non-A/B devices, and only in recovery image.

Add function to get an address and size of that payload. That function
can be further used e.g. in 'abootimg' command to provide the user a way
to get the address of recovery dtbo from U-Boot shell, which can be
further parsed using 'adtimg' command.

[1] https://source.android.com/devices/bootloader/boot-image-header
[2] https://source.android.com/devices/architecture/dto/partitions

Signed-off-by: Sam Protsenko <joe.skb7@gmail.com>
Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>
2020-02-04 09:07:24 +05:30
Sam Protsenko
c3bfad825a image: android: Add functions for handling dtb field
Android Boot Image v2 adds "DTB" payload (and corresponding field in the
image header). Provide functions for its handling:

  - android_image_get_dtb_by_index(): Obtain DTB blob from "DTB" part of
    boot image, by blob's index
  - android_image_print_dtb_contents(): Iterate over all DTB blobs in
    "DTB" part of boot image and print those blobs info

"DTB" payload might be in one of the following formats:
  1. concatenated DTB blobs
  2. Android DTBO format

The latter requires "android-image-dt.c" functionality, so this commit
selects that file for building for CONFIG_ANDROID_BOOT_IMAGE option.

Right now this new functionality isn't used, but it can be used further.
As it's required to apply some specific dtbo blob(s) from "dtbo"
partition, we can't automate this process inside of "bootm" command. But
we can do next:
  - come up with some new command like "abootimg" to extract dtb blob
    from boot image (using functions from this patch)
  - extract desired dtbo blobs from "dtbo" partition using "adtimg"
    command
  - merge dtbo blobs into dtb blob using "fdt apply" command
  - pass resulting dtb blob into bootm command in order to boot the
    Android kernel with Android ramdisk from boot image

Signed-off-by: Sam Protsenko <joe.skb7@gmail.com>
Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>
2020-02-04 09:07:24 +05:30
Simon Glass
220a3a44a3 common: Rename and move source()
This function has a very generic name which does not adequately describe
its purpose. Rename it and move it to image.h, since it relates to reading
a script from an image.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-01-17 14:02:35 -05:00
Simon Glass
8e8ccfe1aa common: Move the image globals into image.h
These three globals relate to image handling. Move them to the image
header file.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-01-17 14:02:35 -05:00
Philippe Reynes
4df3578119 u-boot: fit: add support to decrypt fit with aes
This commit add to u-boot the support to decrypt
fit image encrypted with aes. The FIT image contains
the key name and the IV name. Then u-boot look for
the key and IV in his device tree and decrypt images
before moving to the next stage.

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
2020-01-17 10:16:29 -05:00
Philippe Reynes
7298e42250 mkimage: fit: add support to encrypt image with aes
This commit add the support of encrypting image with aes
in mkimage. To enable the ciphering, a node cipher with
a reference to a key and IV (Initialization Vector) must
be added to the its file. Then mkimage add the encrypted
image to the FIT and add the key and IV to the u-boot
device tree.

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
2020-01-17 10:15:49 -05:00
Cristian Ciocaltea
a031b03f64 image: Add IH_OS_EFI for EFI chain-load boot
Add a new OS type to be used for chain-loading an EFI compatible
firmware or boot loader like GRUB2, possibly in a verified boot
scenario.

Bellow is sample ITS file that generates a FIT image supporting
secure boot. Please note the presence of 'os = "efi";' line, which
identifies the currently introduced OS type:

/ {
    #address-cells = <1>;

    images {
        efi-grub {
            description = "GRUB EFI";
            data = /incbin/("bootarm.efi");
            type = "kernel_noload";
            arch = "arm";
            os = "efi";
            compression = "none";
            load = <0x0>;
            entry = <0x0>;
            hash-1 {
                algo = "sha256";
            };
        };
    };

    configurations {
        default = "config-grub";
        config-grub {
            kernel = "efi-grub";
            signature-1 {
                algo = "sha256,rsa2048";
                sign-images = "kernel";
            };
        };
    };
};

Signed-off-by: Cristian Ciocaltea <cristian.ciocaltea@gmail.com>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-01-07 18:08:21 +01:00
Bin Meng
1af5e97d8d tools: image.h: Use portable uint32_t instead of linux-specific __be32
__be32 has Linux kernel specific __attribute__((bitwise)) which is
not portable. Use uint32_t instead.

Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
2019-10-28 13:32:50 -04:00
Patrick Delaunay
e7fabe75ae image: add new "copro" image type
Define new image type for coprocessor images.
It is used in FIT to identify the files loaded
with remoteproc command (elf or bin).

Signed-off-by: Loic Pallardy <loic.pallardy@st.com>
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2019-08-27 11:19:23 +02:00
Lukas Auer
5e30e45c83 spl: support booting via RISC-V OpenSBI
RISC-V OpenSBI is an open-source implementation of the RISC-V Supervisor
Binary Interface (SBI) specification. It is required by Linux and U-Boot
running in supervisor mode. This patch adds support for booting via the
OpenSBI FW_DYNAMIC firmware. It supports OpenSBI version 0.4 and higher.

In this configuration, U-Boot SPL starts in machine mode. After loading
OpenSBI and U-Boot proper, it will start OpenSBI. All necessary
parameters are generated by U-Boot SPL and are passed to OpenSBI. U-Boot
proper is started in supervisor mode by OpenSBI. Support for OpenSBI is
enabled with CONFIG_SPL_OPENSBI. An additional configuration entry,
CONFIG_SPL_OPENSBI_LOAD_ADDR, is used to specify the load address of the
OpenSBI firmware binary. It is not used directly in U-Boot and instead
is intended to make the value available to scripts such as FIT
configuration generators.

The header file include/opensbi.h is based on header files from the
OpenSBI project. They are recent, as of commit bae54f764570 ("firmware:
Add fw_dynamic firmware").

Signed-off-by: Lukas Auer <lukas.auer@aisec.fraunhofer.de>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Tested-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Anup Patel <anup.patel@wdc.com>
2019-08-26 16:07:42 +08:00
Julius Werner
2090854cd2 common: Move bootm_decomp_image() to image.c (as image_decomp())
Upcoming patches want to add decompression to use cases that are no
longer directly related to booting. It makes sense to retain a single
decompression routine, but it should no longer be in bootm.c (which is
not compiled for all configurations). This patch moves
bootm_decomp_image() to image.c and renames it to image_decomp() in
preparation of those upcoming patches.

Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
[trini: Fix warning around handle_decomp_error being unused]
Signed-off-by: Tom Rini <trini@konsulko.com>
2019-07-29 09:30:42 -04:00
Tom Rini
c76c93a3d5 configs: Rename CONFIG_IMAGE_FORMAT_LEGACY to CONFIG_LEGACY_IMAGE_FORMAT
The name CONFIG_LEGACY_IMAGE_FORMAT reads slightly better along with
allowing us to avoid a rather nasty Kbuild/Kconfig issue down the line
with CONFIG_IS_ENABLED(IMAGE_FORMAT_LEGACY).  In a few places outside of
cmd/ switch to using CONFIG_IS_ENABLED() to test what is set.

Signed-off-by: Tom Rini <trini@konsulko.com>
2019-07-11 14:11:18 -04:00
Tien Fong Chee
0a42a132a4 ARM: socfpga: Add FPGA drivers for Arria 10 FPGA bitstream loading
Add FPGA driver to support program FPGA with FPGA bitstream loading from
filesystem. The driver are designed based on generic firmware loader
framework. The driver can handle FPGA program operation from loading FPGA
bitstream in flash to memory and then to program FPGA.

Signed-off-by: Tien Fong Chee <tien.fong.chee@intel.com>
2019-05-10 22:48:11 +02:00
Chris Packham
4ad2c8953d Remove #define CONFIG_CRC32
There is no check for CONFIG_CRC32 so the #define in image.h does
nothing. Remove it.

Reported-by: Robert P. J. Day <rpjday@crashcourse.ca>
Signed-off-by: Chris Packham <judge.packham@gmail.com>
Reviewed-by: Stefano Babic <sbabic@denx.de>
Reviewed-by: Heiko Schocher <hs@denx.de>
2019-05-10 07:18:13 -04:00
Alex Kiernan
89665f2eb1 Refactor IMAGE_ENABLE_VERIFY to handle builds without SPL verification
If building with SPL_LOAD_FIT_FULL and FIT_SIGNATURE, but without
SPL_FIT_SIGNATURE then the build fails with:

  common/built-in.o: In function `fit_image_verify_with_data':
  common/image-fit.c:1220: undefined reference to `fit_image_verify_required_sigs'
  common/image-fit.c:1244: undefined reference to `fit_image_check_sig'
  common/built-in.o: In function `fit_image_load':
  common/image-fit.c:1857: undefined reference to `fit_config_verify'

Refactor so that host builds still depend on FIT_SIGNATURE, but target
builds check FIT_SIGNATURE/SPL_FIT_SIGNATURE dependent on the build.

Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2019-05-05 08:48:50 -04:00
Eugeniu Rosca
829ceb2821 image: android: allow booting lz4-compressed kernels
According to Android image format [1], kernel image resides at 1 page
offset from the boot image address. Grab the magic number from there
and allow U-Boot to handle LZ4-compressed KNL binaries instead of
hardcoding compression type to IH_COMP_NONE. Other compression types,
if needed, can be added later.

Tested on H3ULCB-KF using the image detailed in [2].

[1] Excerpt from include/android_image.h
    +-----------------+
    | boot header     | 1 page
    +-----------------+
    | kernel          | n pages
    +-----------------+
    | ramdisk         | m pages
    +-----------------+
    | second stage    | o pages
    +-----------------+

[2] => iminfo 4c000000
    ## Checking Image at 4c000000 ...
    Android image found
    kernel size:      85b9d1
    kernel address:   48080000
    ramdisk size:     54ddbc
    ramdisk addrress: 4a180000
    second size:      0
    second address:   48000800
    tags address:     48000100
    page size:        800
    os_version:       1200012a (ver: 0.9.0, level: 2018.10)
    name:
    cmdline:          buildvariant=userdebug

Signed-off-by: Eugeniu Rosca <erosca@de.adit-jv.com>
2019-04-24 07:27:32 -04:00
Stefano Babic
24431adc36 Restore compatibility of image type IDs
Commit a2b96ece5b breaks the enumeration
of the Image Types. New image types can be appended, but they cannot be
inserted in the list else backward compatibility is broken.

This restores the images types as before 2018.11 and move i.MX8 related
images at the end.

Signed-off-by: Robert Berger <robert.berger@ReliableEmbeddedSystems.com>
Signed-off-by: Stefano Babic <sbabic@denx.de>
CC: Tom Rini <trini@konsulko.com>
2018-12-17 07:09:29 -05:00
Philippe Reynes
061daa0b61 rsa: add support of padding pss
We add the support of the padding pss for rsa signature.
This new padding is often recommended instead of pkcs-1.5.

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2018-12-03 10:44:10 -05:00
Philippe Reynes
20031567e1 rsa: add a structure for the padding
The rsa signature use a padding algorithm. By default, we use the
padding pkcs-1.5. In order to add some new padding algorithm, we
add a padding framework to manage several padding algorithm.
The choice of the padding is done in the file .its.

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2018-12-03 10:44:10 -05:00
Ryder Lee
3b975a147c tools: MediaTek: add MTK boot header generation to mkimage
This patch adds support for MTK boot image generation.

Signed-off-by: Weijie Gao <weijie.gao@mediatek.com>
Signed-off-by: Ryder Lee <ryder.lee@mediatek.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2018-11-28 23:04:43 -05:00
Peng Fan
a2b96ece5b tools: add i.MX8/8X image support
i.MX8/8X bootable image type is container type.
The bootable image, containers a container set which supports two
container. The 1st container is for SECO firmware, the 2nd container
needs to include scfw, m4_0/1 image, ACore images per your requirement.

Signed-off-by: Peng Fan <peng.fan@nxp.com>
2018-10-22 13:01:27 +02:00
Alex Kiernan
795f452eef mkimage: fit_image: Add support for SOURCE_DATE_EPOCH in signatures
When generating timestamps in signatures, use imagetool_get_source_date()
so we can be overridden by SOURCE_DATE_EPOCH to generate reproducible
images.

Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Reviewed-by: Simon Glass <sjg@chromum.org>
2018-07-10 16:56:00 -04:00
Marek Vasut
7f13b374fd ARM: image: Add option for ignoring ep bit 3
Add option to the booti_setup() which indicates to it that the caller
requires the image to be relocated to the beginning of the RAM and
that the information whether the image can be located anywhere in RAM
at 2 MiB aligned boundary or not is to be ignored. This is useful ie.
in case the Image is wrapped in another envelope, ie. fitImage and not
relocating it but moving it would corrupt the envelope.

Signed-off-by: Marek Vasut <marek.vasut+renesas@gmail.com>
Cc: Bin Chen <bin.chen@linaro.org>
Cc: Masahiro Yamada <yamada.masahiro@socionext.com>
Cc: Tom Rini <trini@konsulko.com>
Reviewed-By: Bin Chen <bin.chen@linaro.org>
2018-06-19 07:31:45 -04:00
Kelvin Cheung
c3c8638804 add FIT data-position & data-offset property support
Add FIT data-position & data-offset property support for bootm,
which were already supported in SPL.

Signed-off-by: Kelvin Cheung <keguang.zhang@gmail.com>
2018-05-26 18:19:19 -04:00
Marek Vasut
0298d20375 fit: Add standalone image type handling
Just add IH_TYPE_STANDALONE to fit_get_image_type_property().

Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Pantelis Antoniou <pantelis.antoniou@konsulko.com>
Cc: Simon Glass <sjg@chromium.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
2018-05-23 22:06:40 -04:00
Tom Rini
16c4b169af FIT: Make fit_conf_print() be a static function
We only call fit_conf_print from one place in the code, so mark it as
static and move it up to where we call it.  This in turn has us move a
few other already static functions up further as well.

Signed-off-by: Tom Rini <trini@konsulko.com>
2018-05-23 17:30:02 -04:00
Tom Rini
3b52847a45 Xilinx changes for v2018.07
microblaze:
 - Align defconfig
 
 zynq:
 - Rework fpga initialization and cpuinfo handling
 
 zynqmp:
 - Add ZynqMP R5 support
 - Wire and enable watchdog on zcu100-revC
 - Setup MMU map for DDR at run time
 - Show board info based on DT and cleanup IDENT_STRING
 
 zynqmp tools:
 - Add read partition support
 - Add initial support for Xilinx bif format for boot.bin generation
 
 mmc:
 - Fix get_timer usage on 64bit cpus
 - Add support for SD3.0 UHS mode
 
 nand-zynq:
 - Add support for 16bit buswidth
 - Use address cycles from onfi params
 
 scsi:
 - convert ceva sata to UCLASS_AHCI
 
 timer:
 - Add Cadence TTC for ZynqMP r5
 
 watchdog:
 - Minor cadence driver cleanup
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iEYEABECAAYFAlr1ldMACgkQykllyylKDCHioACghoJw6+NqsZXl8zGWRP38yZ5K
 mvgAnihfOQq125mpKPZmcc5yt6wVwYIU
 =8ji9
 -----END PGP SIGNATURE-----

Merge tag 'xilinx-for-v2018.07' of git://www.denx.de/git/u-boot-microblaze

Xilinx changes for v2018.07

microblaze:
- Align defconfig

zynq:
- Rework fpga initialization and cpuinfo handling

zynqmp:
- Add ZynqMP R5 support
- Wire and enable watchdog on zcu100-revC
- Setup MMU map for DDR at run time
- Show board info based on DT and cleanup IDENT_STRING

zynqmp tools:
- Add read partition support
- Add initial support for Xilinx bif format for boot.bin generation

mmc:
- Fix get_timer usage on 64bit cpus
- Add support for SD3.0 UHS mode

nand-zynq:
- Add support for 16bit buswidth
- Use address cycles from onfi params

scsi:
- convert ceva sata to UCLASS_AHCI

timer:
- Add Cadence TTC for ZynqMP r5

watchdog:
- Minor cadence driver cleanup
2018-05-11 11:45:28 -04:00
Alexander Graf
6915dcf359 tools: zynqmpimage: Add bif support
The officially described way to generate boot.bin files for ZynqMP is to
describe the contents of the target binary using a file of the "bif"
format.  This file then links to other files that all get packed into a
bootable image.

This patch adds support to read such a .bif file and generate a respective
ZynqMP boot.bin file that can include the normal image and pmu files, but
also supports image partitions now. This makes it a handy replacement for
the proprietary "bootgen" utility that is currently used to generate
boot.bin files with FSBL.

Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
2018-05-11 09:23:44 +02:00
Marek Vasut
662abc4fc5 image: socfpga: Add SFP image version 1 definition
Add support for the SoCFPGA header v1, which is used on Arria 10.
The layout of the v0 and v1 header is similar, yet there are a few
differences which make it incompatible with previous v0 header, so
add a new entry.

Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Dinh Nguyen <dinguyen@kernel.org>
Cc: Chin Liang See <chin.liang.see@intel.com>
2018-05-08 21:08:42 +02:00
Tom Rini
83d290c56f SPDX: Convert all of our single license tags to Linux Kernel style
When U-Boot started using SPDX tags we were among the early adopters and
there weren't a lot of other examples to borrow from.  So we picked the
area of the file that usually had a full license text and replaced it
with an appropriate SPDX-License-Identifier: entry.  Since then, the
Linux Kernel has adopted SPDX tags and they place it as the very first
line in a file (except where shebangs are used, then it's second line)
and with slightly different comment styles than us.

In part due to community overlap, in part due to better tag visibility
and in part for other minor reasons, switch over to that style.

This commit changes all instances where we have a single declared
license in the tag as both the before and after are identical in tag
contents.  There's also a few places where I found we did not have a tag
and have introduced one.

Signed-off-by: Tom Rini <trini@konsulko.com>
2018-05-07 09:34:12 -04:00
Michal Simek
1f8e4bf55e image: fit: Show firmware configuration property if present
SPL ATF support requires to have firmware property which should be also
listed by mkimage -l when images is created.

The patch is also using this macro in spl_fit to match keyword.

When image is created:
 Default Configuration: 'config'
 Configuration 0 (config)
  Description:  ATF with full u-boot
  Kernel:       unavailable
  Firmware:     atf
  FDT:          dtb

Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Jun Nie <jun.nie@linaro.org>
Reviewed-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
2018-04-06 20:45:44 -04:00
Masahiro Yamada
641599a63d image.h: add forward declaration of struct fdt_region
This header needs to know 'fdt_region' is a struct for the
fit_region_make_list() prototype.

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2018-04-01 22:19:10 +08:00
Bryan O'Donoghue
45b55712d4 image: Add IH_OS_TEE for TEE chain-load boot
This patch adds a new type IH_OS_TEE. This new OS type will be used for
chain-loading to Linux via a TEE.

With this patch in-place you can generate a bootable OPTEE image like this:

mkimage -A arm -T kernel -O tee -C none -d tee.bin uTee.optee

where "tee.bin" is the input binary prefixed with an OPTEE header and
uTee.optee is the output prefixed with a u-boot wrapper header.

This image type "-T kernel -O tee" is differentiated from the existing
IH_TYPE_TEE "-T tee" in that the IH_TYPE is installed by u-boot (flow
control returns to u-boot) whereas for the new IH_OS_TEE control passes to
the OPTEE firmware and the firmware chainloads onto Linux.

Andrew Davis gave the following ASCII diagram:

IH_OS_TEE: (mkimage -T kernel -O tee)
Non-Secure       Secure

                 BootROM
                   |
      -------------
     |
     v
    SPL
     |
     v
   U-Boot ------>
          <-----  OP-TEE
      |
      V
    Linux

IH_TYPE_TEE: (mkimage -T tee)
Non-Secure       Secure

                 BootROM
                   |
      -------------
     |
     v
    SPL ------->
         <-----  OP-TEE
     |
     v
   U-Boot
      |
      V
    Linux

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Suggested-by: Andrew F. Davis <afd@ti.com>
Cc: Harinarayan Bhatta <harinarayan@ti.com>
Cc: Andrew F. Davis <afd@ti.com>
Cc: Tom Rini <trini@konsulko.com>
Cc: Kever Yang <kever.yang@rock-chips.com>
Cc: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
Cc: Peng Fan <peng.fan@nxp.com>
Link: http://mrvan.github.io/optee-imx6ul
2018-03-19 16:14:25 -04:00
Patrick Delaunay
81260e3331 tools/mkimage: add support for STM32 image format
STM32MP157 bootrom needs a specific header for first boot stage.
This patch adds support of this header in mkimage.

Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
2018-03-19 16:14:19 -04:00
Jun Nie
5c643db4cc SPL: Add signature verification when loading image
U-boot proper signature is not verified by SPL on most platforms
even config SPL_FIT_SIGNATURE is enabled. Only fsl-layerscape
platform support secure boot in platform specific code. So
verified boot cannot be achieved if u-boot proper is loaded by
SPL.

This patch add signature verification to u-boot proper images
when loading FIT image in SPL. It is tested on Allwinner bananapi
zero board with H2+ SoC.

Signed-off-by: Jun Nie <jun.nie@linaro.org>
2018-03-19 09:59:32 -04:00
Masahiro Yamada
b08c8c4870 libfdt: move headers to <linux/libfdt.h> and <linux/libfdt_env.h>
Thomas reported U-Boot failed to build host tools if libfdt-devel
package is installed because tools include libfdt headers from
/usr/include/ instead of using internal ones.

This commit moves the header code:
  include/libfdt.h         -> include/linux/libfdt.h
  include/libfdt_env.h     -> include/linux/libfdt_env.h

and replaces include directives:
  #include <libfdt.h>      -> #include <linux/libfdt.h>
  #include <libfdt_env.h>  -> #include <linux/libfdt_env.h>

Reported-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
2018-03-05 10:16:28 -05:00
Bin Chen
6808ef9ac2 move booti_setup to arch/arm/lig/image.c
Follow bootz's pattern by moving the booti_setup to arch/arm/lib.
This allows to use booti_setup in other paths, e.g booting
an Android image containing Image format.

Note that kernel relocation is move out of booti_setup and it is the
caller's responsibility to do it and allows them do it differently. say,
cmd/booti.c just do a manually, while in the bootm path, we can use
bootm_load_os(with some changes).

Signed-off-by: Bin Chen <bin.chen@linaro.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
2018-02-07 22:06:11 -05:00
Bin Chen
104816142f parse the second area of android image
The second area of android image was intended to put a 2nd stage
bootloader but in practice were rarely used (in my knowledge).

An proposal was made to the AOSP to (re)use the second area as the dtb[1],
This patch itself doesn't depend on that proposal being accepted but it won't
be that helpful as well if that proposal won't be accepted. But don't do
any harm as well.

[1] https://android-review.googlesource.com/#/c/417447/
Signed-off-by: Bin Chen <bin.chen@linaro.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Kever Yang <kever.yang@rock-chips.com>
2018-02-07 21:58:26 -05:00
Andre Przywara
b2267e8a22 fix incorrect usage of DT node unit address in comments
The DT spec demands a unit-address in a node name to match the "reg"
property in that node. Newer dtc versions will throw warnings if this is
not the case.
Fix all occurences in the tree where node names were mentioned in
comments, to not give bad examples to the reader.

Signed-off-by: Andre Przywara <andre.przywara@arm.com>
2018-01-15 18:29:21 -07:00
Rick Chen
068feb9b86 riscv: Modify generic codes to support RISC-V
Support common commands bdinfo and image format,
also modify common generic flow for RISC-V.

Signed-off-by: Rick Chen <rick@andestech.com>
Signed-off-by: Rick Chen <rickchen36@gmail.com>
Signed-off-by: Greentime Hu <green.hu@gmail.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
2018-01-12 08:05:12 -05:00
Peng Fan
a1be94b654 SPL: Add FIT data-position property support
For external data, FIT has a optional property "data-position" which
can set the external data to a fixed offset to FIT beginning.
Add the support for this property in SPL FIT.

Signed-off-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tomas Melin <tomas.melin@vaisala.com>
Cc: Pantelis Antoniou <pantelis.antoniou@konsulko.com>
Cc: "Andrew F. Davis" <afd@ti.com>
Cc: Igor Grinberg <grinberg@compulab.co.il>
Cc: "tomas.melin@vaisala.com" <tomas.melin@vaisala.com>
Cc: Kever Yang <kever.yang@rock-chips.com>
Cc: Andre Przywara <andre.przywara@arm.com>
Cc: York Sun <york.sun@nxp.com>
Cc: Lokesh Vutla <lokeshvutla@ti.com>
Cc: "Cooper Jr., Franklin" <fcooper@ti.com>
Cc: George McCollister <george.mccollister@gmail.com>
Cc: Tuomas Tynkkynen <tuomas.tynkkynen@iki.fi>
Cc: Jean-Jacques Hiblot <jjhiblot@ti.com>
Cc: Rick Altherr <raltherr@google.com>
Cc: Tom Rini <trini@konsulko.com>
Reviewed-by: Lokesh Vutla <lokeshvutla@ti.com>
Reviewed-by: York Sun <york.sun@nxp.com>
2017-12-12 21:33:38 -05:00
Philipp Tomsich
4914af1286 image: add IH_OS_ARM_TRUSTED_FIRMWARE for ARM Trusted Firmware
To boot on ARMv8 systems with ARM Trusted Firmware, we need to
assemble an ATF-specific parameter structure and also provide the
address of the images started by ATF (e.g. BL3-3, which may be the
full U-Boot).

To allow us to identify an ARM Trusted Firmware contained in a FIT
image, this adds the necessary definitions.

Signed-off-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2017-11-26 00:39:06 +01:00
Tuomas Tynkkynen
137aefba03 common: Remove genimg_get_image()
Removal of the legacy DataFlash code turned genimg_get_image() into a
no-op. Drop all calls to it and the function itself.

Signed-off-by: Tuomas Tynkkynen <tuomas.tynkkynen@iki.fi>
2017-10-16 09:42:51 -04:00
Jean-Jacques Hiblot
02035d0086 fit: If no matching config is found in fit_find_config_node(), use the default one
If board_fit_config_name_match() doesn't match any configuration node,
then use the default one (if provided).

Signed-off-by: Jean-Jacques Hiblot <jjhiblot@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2017-10-05 21:31:04 -04:00
Pantelis Antoniou
169043d826 fit: Introduce methods for applying overlays on fit-load
Introduce an overlay based method for constructing a base DT blob
to pass to the kernel.

It is based on a specific method now to get the FDT from a FIT image
named boot_get_fdt_fit().

Signed-off-by: Pantelis Antoniou <pantelis.antoniou@konsulko.com>
Acked-by: Simon Glass <sjg@chromium.org>
2017-09-15 05:27:49 -06:00
Andrew F. Davis
6442c9643e image: Add TI PMMC image type
Add a new image type representing TI Power Management
Micro-Controller (PMMC) Firmware image type.

Signed-off-by: Andrew F. Davis <afd@ti.com>
2017-09-12 17:58:02 -04:00
Simon Glass
723806cc5b env: Rename some other getenv()-related functions
We are now using an env_ prefix for environment functions. Rename these
other functions as well, for consistency:

   getenv_vlan()
   getenv_bootm_size()
   getenv_bootm_low()
   getenv_bootm_mapsize()
   env_get_default()

Suggested-by: Wolfgang Denk <wd@denx.de>
Signed-off-by: Simon Glass <sjg@chromium.org>
2017-08-16 08:31:11 -04:00
Simon Glass
00caae6d47 env: Rename getenv/_f() to env_get()
We are now using an env_ prefix for environment functions. Rename these
two functions for consistency. Also add function comments in common.h.

Quite a few places use getenv() in a condition context, provoking a
warning from checkpatch. These are fixed up in this patch also.

Suggested-by: Wolfgang Denk <wd@denx.de>
Signed-off-by: Simon Glass <sjg@chromium.org>
2017-08-16 08:30:24 -04:00
Cooper Jr., Franklin
92926bc80c boot_fit: Create helper functions that can be used to select DTB out of FIT
Some platforms may append a FIT image to the U-boot image. This function
aids in parsing the FIT image and selecting the correct DTB at runtime.

Signed-off-by: Franklin S Cooper Jr <fcooper@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
2017-07-10 14:25:50 -04:00
Cooper Jr., Franklin
3863f840fa spl: fit: Break out some functions into a common file
Some of the functions within spl_fit will be used for non spl purposes.
Instead of duplicating functions simply break the functions to be reused
into its own file.

Signed-off-by: Franklin S Cooper Jr <fcooper@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
[trini: Only add the new define to image.h, otherwise we see breakage
due to massive include leakage into host tools in some cases]
Signed-off-by: Tom Rini <trini@konsulko.com>
2017-07-10 14:24:39 -04:00
Alison Wang
4ac0a32e24 armv8: Support loading 32-bit OS which is not in the form of FIT
As only FIT image is supported now, this patch is to support loading
32-bit uImage, dtb and rootfs separately.

Signed-off-by: Alison Wang <alison.wang@nxp.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
2017-06-09 20:34:56 -04:00
Tom Rini
089df18bfe lib: move hash CONFIG options to Kconfig
Commit 94e3c8c4fd ("crypto/fsl - Add progressive hashing support
using hardware acceleration.") created entries for CONFIG_SHA1,
CONFIG_SHA256, CONFIG_SHA_HW_ACCEL, and CONFIG_SHA_PROG_HW_ACCEL.
However, no defconfig has migrated to it.  Complete the move by first
adding additional logic to various Kconfig files to select this when
required and then use the moveconfig tool.  In many cases we can select
these because they are required to implement other drivers.  We also
correct how we include the various hashing algorithms in SPL.

This commit was generated as follows (after Kconfig additions):

[1] tools/moveconfig.py -y SHA1 SHA256 SHA_HW_ACCEL
[2] tools/moveconfig.py -y SHA_PROG_HW_ACCEL

Note:
We cannot move SHA_HW_ACCEL and SHA_PROG_HW_ACCEL simultaneously
because there is dependency between them.

Cc: Poonam Aggrwal <poonam.aggrwal@freescale.com>
Cc: Naveen Burmi <NaveenBurmi@freescale.com>
Cc: Po Liu <po.liu@freescale.com>
Cc: Shengzhou Liu <Shengzhou.Liu@freescale.com>
Cc: Priyanka Jain <Priyanka.Jain@freescale.com>
Cc: Shaohui Xie <Shaohui.Xie@freescale.com>
Cc: Chunhe Lan <Chunhe.Lan@freescale.com>
Cc: Chander Kashyap <k.chander@samsung.com>
Cc: Steve Rae <steve.rae@raedomain.com>
Cc: Dirk Eibach <eibach@gdsys.de>
Cc: Feng Li <feng.li_2@nxp.com>
Cc: Alison Wang <alison.wang@freescale.com>
Cc: Sumit Garg <sumit.garg@nxp.com>
Cc: Mingkai Hu <Mingkai.Hu@freescale.com>
Cc: York Sun <york.sun@nxp.com>
Cc: Prabhakar Kushwaha <prabhakar.kushwaha@nxp.com>
Cc: Jaehoon Chung <jh80.chung@samsung.com>
Cc: Akshay Saraswat <akshay.s@samsung.com>
Cc: Heiko Schocher <hs@denx.de>
Cc: Jagan Teki <jagan@amarulasolutions.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
2017-05-22 08:36:58 -04:00
Tom Rini
0db7f6859f FIT: Rename FIT_DISABLE_SHA256 to FIT_ENABLE_SHA256_SUPPORT
We rename CONFIG_FIT_DISABLE_SHA256 to CONFIG_FIT_ENABLE_SHA256_SUPPORT which
is enabled by default and now a positive option.  Convert the handful of boards
that were disabling it before to save space.

Cc: Dirk Eibach <eibach@gdsys.de>
Cc: Lukasz Dalek <luk0104@gmail.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
2017-05-22 07:29:55 -04:00
Madan Srinivas
a5c7e41be3 image: Fixes build warning with CONFIG_FIT_IMAGE_POST_PROCESS
The function 'board_fit_image_post_process' is defined only when the
config option CONFIG_FIT_IMAGE_POST_PROCESS is enabled. For secure
systems that do not use SPL but do use FIT kernel images, only
CONFIG_FIT_IMAGE_POST_PROCESS will be defined, which will result in an
implicit declaration of function 'board_fit_image_post_process' warning
while building u-boot. Fix this warning.

Signed-off-by: Madan Srinivas <madans@ti.com>
Signed-off-by: Andrew F. Davis <afd@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Lokesh Vutla <lokeshvutla@ti.com>
2017-04-08 21:35:04 -04:00
Andre Przywara
aeb9c53cae Kconfig: define MD5 dependency for FIT support
FIT images require MD5 support to verify image checksums. So far this
was expressed by defining a CPP symbol in image.h. Since MD5 is now a
first class Kconfig citizen, express that in Kconfig instead.

Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2017-03-17 09:09:40 -04:00
Rick Altherr
c2e7e72bb9 bootm: relocate ramdisk if CONFIG_SYS_BOOT_RAMDISK_HIGH set
In 35fc84f, bootm was refactored so plain 'bootm' and
'bootm <subcommand>' shared a common implementation.
The 'bootm ramdisk' command implementation is now part of the common
implementation but not invoke by plain 'bootm' since the original
implementation never did ramdisk relocation.  Instead, ramdisk
relocation happened in image_setup_linux() which is typically called
during the OS portion of 'bootm'.

On ARM, parameters to the Linux kernel can either be passed by FDT or
ATAGS. When using FDT, image_setup_linux() is called which also triggers
ramdisk relocation.  When using ATAGS, image_setup_linux() is _not_
called because it mostly does FDT setup.

Instead of calling image_setup_linux() in both FDT and ATAGS cases,
include BOOTM_STATE_RAMDISK in the requested states during a plain
'bootm' if CONFIG_SYS_BOOT_RAMDISK_HIGH is set and remove the ramdisk
relocation from image_setup_linux().  This causes ramdisk relocation to
happen on any system where CONFIG_SYS_BOOT_RAMDISK_HIGH regardless of
the OS being booted. Also remove IMAGE_ENABLE_RAMDISK_HIGH as it was
only used by the now-removed code from image_setup_linux().

Signed-off-by: Rick Altherr <raltherr@google.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Joel Stanley <joel@jms.id.au>
2017-01-20 09:15:20 -05:00
Tom Rini
f253f2933b Merge branch 'master' of git://git.denx.de/u-boot-video 2017-01-16 20:23:14 -05:00
George McCollister
f1ca1fdebf mkimage: Add support for signing with pkcs11
Add support for signing with the pkcs11 engine. This allows FIT images
to be signed with keys securely stored on a smartcard, hardware security
module, etc without exposing the keys.

Support for other engines can be added in the future by modifying
rsa_engine_get_pub_key() and rsa_engine_get_priv_key() to construct
correct key_id strings.

Signed-off-by: George McCollister <george.mccollister@gmail.com>
2017-01-14 16:47:13 -05:00
tomas.melin@vaisala.com
db1b79b886 splash: add support for loading splash from a FIT image
Enable support for loading a splash image from within a FIT image.
The image is assumed to be generated with mkimage -E flag to hold
the data external to the FIT.

Signed-off-by: Tomas Melin <tomas.melin@vaisala.com>
Acked-by: Igor Grinberg <grinberg@compulab.co.il>
2017-01-13 17:40:38 +01:00
Sven Ebenfeld
d21bd69b6e tools: mkimage: add firmware-ivt image type for HAB verification
When we want to use Secure Boot with HAB from SPL over U-Boot.img,
we need to append the IVT to the image and leave space for the CSF.
Images generated as firmware_ivt can directly be signed using the
Freescale code signing tool. For creation of a CSF, mkimage outputs
the correct HAB Blocks for the image.
The changes to the usual firmware image class are quite small,
that is why I implemented that directly into the default_image.

Cc: sbabic@denx.de

v2-Changes: None

Signed-off-by: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Reviewed-by: George McCollister <george.mccollister@gmail.com>
Tested-by: George McCollister <george.mccollister@gmail.com>
2017-01-02 17:06:57 +01:00
Andrew F. Davis
7e719ee7d8 image: Add Trusted Execution Environment image type
Add a new image type representing Trusted Execution Environment (TEE)
image types. For example, an OP-TEE OS binary image.

Signed-off-by: Andrew F. Davis <afd@ti.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2016-12-03 13:21:20 -05:00
Andrew F. Davis
d7be50921e image: Add FIT image loadable section custom processing
To help automate the loading of custom image types we add the ability
to define custom handlers for the loadable section types. When we find
a compatible type while loading a "loadable" image from a FIT image we
run its associated handlers to perform any additional steps needed for
loading this image.

Signed-off-by: Andrew F. Davis <afd@ti.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2016-12-03 13:21:19 -05:00
Andrew Duda
83dd98e012 image: Combine image_sig_algo with image_sign_info
Remove the need to explicitly add SHA/RSA pairings. Invalid SHA/RSA
pairings will still fail on verify operations when the hash length is
longer than the key length.

Follow the same naming scheme "checksum,crytpo" without explicitly
defining the string.

Indirectly adds support for "sha1,rsa4096" signing/verification.

Signed-off-by: Andrew Duda <aduda@meraki.com>
Signed-off-by: aduda <aduda@meraki.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2016-11-21 14:07:31 -05:00
Andrew Duda
0c1d74fda7 image: Add crypto_algo struct for RSA info
Cut down on the repetition of algorithm information by defining separate
checksum and crypto structs. image_sig_algos are now simply pairs of
unique checksum and crypto algos.

Signed-off-by: Andrew Duda <aduda@meraki.com>
Signed-off-by: aduda <aduda@meraki.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2016-11-21 14:07:31 -05:00
Andrew Duda
da29f2991d rsa: Verify RSA padding programatically
Padding verification was done against static SHA/RSA pair arrays which
take up a lot of static memory, are mostly 0xff, and cannot be reused
for additional SHA/RSA pairings. The padding can be easily computed
according to PKCS#1v2.1 as:

  EM = 0x00 || 0x01 || PS || 0x00 || T

where PS is (emLen - tLen - 3) octets of 0xff and T is DER encoding
of the hash.

Store DER prefix in checksum_algo and create rsa_verify_padding
function to handle verification of a message for any SHA/RSA pairing.

Signed-off-by: Andrew Duda <aduda@meraki.com>
Signed-off-by: aduda <aduda@meraki.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2016-11-21 14:07:30 -05:00
Andrew Duda
5300a4f933 rsa: cosmetic: rename pad_len to key_len
checksum_algo's pad_len field isn't actually used to store the length of
the padding but the total length of the RSA key (msg_len + pad_len)

Signed-off-by: Andrew Duda <aduda@meraki.com>
Signed-off-by: aduda <aduda@meraki.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2016-11-21 14:07:30 -05:00
Albert ARIBAUD \(3ADEV\)
ed0c2c0a9e tools: mkimage: add support for Vybrid image format
This format can be flashed directly at address 0 of
the NAND FLASH, as it contains all necessary headers.

Signed-off-by: Albert ARIBAUD (3ADEV) <albert.aribaud@3adev.fr>
2016-10-06 09:06:16 +02:00
Chris Zankel
de5e5cea02 xtensa: add support for the xtensa processor architecture [1/2]
The Xtensa processor architecture is a configurable, extensible,
and synthesizable 32-bit RISC processor core provided by Cadence.

This is the first part of the basic architecture port with changes to
common files. The 'arch/xtensa' directory, and boards and additional
drivers will be in separate commits.

Signed-off-by: Chris Zankel <chris@zankel.net>
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
2016-08-15 18:46:38 -04:00
Masahiro Yamada
ff87b08107 image: fix IH_ARCH_... values for uImage compatibility
Commit 555f45d8f9 ("image: Convert the IH_... values to enums")
accidentally changed some IH_ARCH_... values.

Prior to that commit, there existed a gap between IH_ARCH_M68K and
IH_ARCH_MICROBLAZE, like follows.

  #define IH_ARCH_SPARC64         11      /* Sparc 64 Bit */
  #define IH_ARCH_M68K            12      /* M68K         */
  #define IH_ARCH_MICROBLAZE      14      /* MicroBlaze   */
  #define IH_ARCH_NIOS2           15      /* Nios-II      */

The enum conversion broke the compatibility with existing uImage
files.  Reverting 555f45d8f9 will cause build error unfortunately,
so here is a more easy fix.

I dug the git history and figured out the gap was introduced by
commit 1117cbf2ad ("nios: remove nios-32 arch").  So, I revived
IH_ARCH_NIOS just for filling the gap.

I added comments to each enum block.  Once we assign a value to
IH_... it is not allowed to change it.

Acked-by: Michal Simek <michal.simek@xilinx.com>
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2016-07-21 10:47:03 -04:00
Simon Glass
1426220b0e image: Add functions to obtain category information
Add generic functions which can look up information about a category:

- the number of items in the category
- the category description
- an item long time
- an item short time

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
2016-07-14 18:22:30 -04:00
Simon Glass
56d7ab7476 image: Create a table of information for each category
Add a table that contains the category name, the number of items in each
category and a pointer to the table of items. This will allow us to use
generic code to deal with the categories.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
2016-07-14 18:22:29 -04:00
Simon Glass
555f45d8f9 image: Convert the IH_... values to enums
We need to know the number of values of each category (architecture,
compression, OS and image type). To make this value easier to maintain,
convert all values to enums. The count is then automatic.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
2016-07-14 18:22:28 -04:00
Daniel Allred
da74d1f341 spl: fit: add support for post-processing of images
The next stage boot loader image and the selected FDT can be post-
processed by board/platform/device-specific code, which can include
modifying the size and altering the starting source address before
copying these binary blobs to their final destination. This might be
desired to do things like strip headers or footers attached to the
images before they were packaged into the FIT, or to perform operations
such as decryption or authentication. Introduce new configuration
option CONFIG_SPL_FIT_IMAGE_POST_PROCESS to allow controlling this
feature. If enabled, a platform-specific post-process function must
be provided.

Signed-off-by: Daniel Allred <d-allred@ti.com>
Signed-off-by: Andreas Dannenberg <dannenberg@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2016-07-14 18:22:21 -04:00
Michael Trimarchi
4f1318b29c common: image: minimal android image iminfo support
We already support iminfo for other images. The idea
of this patch is start to have a minimal support for
android image format. We still need to print id[] array

Signed-off-by: Michael Trimarchi <michael@amarulasolutions.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2016-06-24 17:23:07 -04:00
Masahiro Yamada
6f41751f46 Revert "image.h: Tighten up content using handy CONFIG_IS_ENABLED() macro."
This reverts commit 56adbb3872.

Since commit 56adbb3872 ("image.h: Tighten up content using handy
CONFIG_IS_ENABLED() macro."), I found my boards fail to boot Linux
because the commit changed the logic of macros it touched.  Now,
IMAGE_ENABLE_RAMDISK_HIGH and IMAGE_BOOT_GET_CMDLINE are 0 for all
the boards.

As you can see in include/linux/kconfig.h, CONFIG_IS_ENABLE() (and
IS_ENABLED() as well) can only take a macro that is either defined
as 1 or undefined.  This is met for boolean options defined in
Kconfig.  On the other hand, CONFIG_SYS_BOOT_RAMDISK_HIGH and
CONFIG_SYS_BOOT_GET_CMDLINE are defined without any value in
arch/*/include/asm/config.h .  This kind of clean-up is welcome,
but the options should be moved to Kconfig beforehand.

Moreover, CONFIG_IS_ENABLED(SPL_CRC32_SUPPORT) looks weird.
It should be either CONFIG_IS_ENABLED(CRC32_SUPPORT) or
IS_ENABLED(CONFIG_SPL_CRC32_SUPPORT).  But, I see no define for
CONFIG_SPL_CRC32_SUPPORT anywhere.  Likewise for the other three.

The logic of IMAGE_OF_BOARD_SETUP and IMAGE_OF_SYSTEM_SETUP were
also changed for SPL.  This can be a problem for boards defining
CONFIG_SPL_OF_LIBFDT.  I guess it should have been changed to
IS_ENABLED(CONFIG_OF_BOARD_SETUP).

In the first place, if we replace the references in C code,
the macros IMAGE_* will go away.

  if (IS_ENABLED(CONFIG_OF_BOARD_SETUP) {
          ...
  }

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
2016-05-31 10:20:14 -04:00
Robert P. J. Day
56adbb3872 image.h: Tighten up content using handy CONFIG_IS_ENABLED() macro.
In order for CONFIG_IS_ENABLED(FOO) to work we need to move the changes
that CONFIG_FIT_DISABLE_SHA256 makes to be prior to the evaluation by
CONFIG_IS_ENABLED(foo)

Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>
[trini: Move CONFIG_FIT_DISABLE_SHA256 parts to fix build breakage]
Signed-off-by: Tom Rini <trini@konsulko.com>
2016-05-27 15:47:55 -04:00
Michal Simek
62afc60188 image: Add boot_get_fpga() to load fpga with bootm
Add function boot_get_fpga() which find and load bitstream to
programmable logic if fpga entry is present.
Function is supported on Xilinx devices for full and partial bitstreams
in BIN and BIT format.

Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Remove additional blankline in image.h
2016-05-24 13:17:59 +02:00
Michal Simek
ed0cea7c52 mkimage: Report information about fpga
Add FIT_FPGA_PROP that user can identify an optional
entry for fpga.

Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2016-05-24 11:15:02 +02:00
Michal Simek
d9b58b3031 tools: zynqmpimage: Add Xilinx ZynqMP boot header generation
Add support for the zynqmpimage to mkimage.
Only basic functionality is supported without encryption and register
initialization with one partition which is filled by U-Boot SPL.
For more detail information look at Xilinx ZynqMP TRM.

Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2016-05-24 11:15:01 +02:00
Simon Glass
f1dcee59a2 spl: Add an option to load a FIT containing U-Boot
This provides a way to load a FIT containing U-Boot and a selection of device
tree files. The board can select the correct device tree by probing the
hardware. Then U-Boot is started with the selected device tree.

Signed-off-by: Simon Glass <sjg@chromium.org>
2016-03-14 19:18:30 -04:00
Simon Glass
4b307f2387 spl: Add a way for boards to select which device tree to load
SPL calls this function with each device tree it can find in the FIT. The
board should implement this function, using whatever hardware detection it
can muster to determine the correct device tree.

Signed-off-by: Simon Glass <sjg@chromium.org>
2016-03-14 19:18:30 -04:00
Simon Glass
cef2e51489 image: Add functions to obtain short names
Sometimes it is useful to obtain the short name for an Operating System,
architecture or compression mechanism. Provide functions for this.

Signed-off-by: Simon Glass <sjg@chromium.org>
2016-03-14 19:18:28 -04:00
Simon Glass
aa34fbc087 fdt: Allow libfdt to be used in SPL
Add an option to enable libfdt in SPL. This can be useful when decoding
FIT files in SPL.

We need to make sure this option is not enabled in SPL by this change.
Also this option needs to be enabled in host builds. Si add a new
IMAGE_USE_LIBFDT #define which can be used in files that are built on the
host but must also build for U-Boot and SPL.

Signed-off-by: Simon Glass <sjg@chromium.org>
2016-03-14 19:18:26 -04:00
Simon Glass
73223f0e1b Kconfig: Move CONFIG_FIT and related options to Kconfig
There are already two FIT options in Kconfig but the CONFIG options are
still in the header files. We need to do a proper move to fix this.

Move these options to Kconfig and tidy up board configuration:

   CONFIG_FIT
   CONFIG_OF_BOARD_SETUP
   CONFIG_OF_SYSTEM_SETUP
   CONFIG_FIT_SIGNATURE
   CONFIG_FIT_BEST_MATCH
   CONFIG_FIT_VERBOSE
   CONFIG_OF_STDOUT_VIA_ALIAS
   CONFIG_RSA

Unfortunately the first one is a little complicated. We need to make sure
this option is not enabled in SPL by this change. Also this option is
enabled automatically in the host builds by defining CONFIG_FIT in the
image.h file. To solve this, add a new IMAGE_USE_FIT #define which can
be used in files that are built on the host but must also build for U-Boot
and SPL.

Note: Masahiro's moveconfig.py script is amazing.

Signed-off-by: Simon Glass <sjg@chromium.org>
[trini: Add microblaze change, various configs/ re-applies]
Signed-off-by: Tom Rini <trini@konsulko.com>
2016-03-14 19:18:07 -04:00
Simon Glass
69e173eb57 Move CONFIG_OF_LIBFDT to Kconfig
Move this option to Kconfig and tidy up existing boards.

Signed-off-by: Simon Glass <sjg@chromium.org>
2016-03-14 14:50:25 -04:00
Simon Glass
7a80de4641 image: Correct the OS location code to work on sandbox
A recent change broke the 'bootm' command on sandbox. The root cause is
using a pointer as an address. Conversion from pointer to address needs to
use map_to_sysmem() so that sandbox can do the right thing. The problem was
pre-existing but uncovered by a recent commit.

Fix this. Also move fit_get_end() to the C file to avoid needing to include
mapmem.h (and thus asm/io.h) everywhere.

Fixes: 1fec3c5d (common/image.c: Make boot_get_ramdisk() perform a check for Android images)

Signed-off-by: Simon Glass <sjg@chromium.org>
2016-02-26 08:53:10 -07:00
Nathan Rossi
66eef1e780 tools: zynqimage: Add Xilinx Zynq boot header generation to mkimage
As with other platforms vendors love to create their own boot header
formats. Xilinx is no different and for the Zynq platform/SoC there
exists the "boot.bin" which is read by the platforms bootrom. This
format is described to a useful extent within the Xilinx Zynq TRM.

This implementation adds support for the 'zynqimage' to mkimage. The
implementation only considers the most common boot header which is
un-encrypted and packed directly after the boot header itself (no
XIP, etc.). However this implementation does take into consideration the
other fields of the header for image dumping use cases (vector table and
register initialization).

Signed-off-by: Nathan Rossi <nathan@nathanrossi.com>
Cc: Michal Simek <michal.simek@xilinx.com>
Cc: Tom Rini <trini@konsulko.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
2015-11-19 13:09:21 +01:00
Julius Werner
027b728d4a Add support for LZ4 decompression algorithm
This patch adds support for LZ4-compressed FIT image contents. This
algorithm has a slightly worse compression ration than LZO while being
nearly twice as fast to decompress. When loading images from a fast
storage medium this usually results in a boot time win.

Sandbox-tested only since I don't have a U-Boot development system set
up right now. The code was imported unchanged from coreboot where it's
proven to work, though. I'm mostly interested in getting this recognized
by mkImage for use in a downstream project.

Signed-off-by: Julius Werner <jwerner@chromium.org>
Acked-by: Simon Glass <sjg@chromium.org>
2015-10-11 17:12:10 -04:00
Simon Glass
10b84fe1b5 rockchip: Add support for the SPI image
The Rockchip boot ROM requires a particular file format for booting from SPI.
It consists of a 512-byte header encoded with RC4, some padding and then up
to 32KB of executable code in 2KB blocks, separated by 2KB empty blocks.

Add support to mkimage so that an SPL image (u-boot-spl-dtb.bin) can be
converted to this format. This allows booting from SPI flash on supported
machines.

Signed-off-by: Simon Glass <sjg@chromium.org>
2015-09-02 21:28:23 -06:00
Simon Glass
f9a3c278b9 rockchip: Add support for the SD image
The Rockchip boot ROM requires a particular file format. It consists of
64KB of zeroes, a 512-byte header encoded with RC4, and then some executable
code.

Add support to mkimage so that an SPL image (u-boot-spl-dtb.bin) can be
converted to this format.

Signed-off-by: Simon Glass <sjg@chromium.org>
2015-09-02 21:28:23 -06:00
Simon Glass
a131c1f442 rockchip: Add the rkimage format to mkimage
Rockchip SoCs require certain formats for code that they execute, The
simplest format is a 4-byte header at the start of a binary file. Add
support for this so that we can create images that the boot ROM understands.

Signed-off-by: Simon Glass <sjg@chromium.org>
2015-09-02 21:28:23 -06:00
Simon Glass
5b9d44df23 mkimage: Display a better list of available image types
Offer to display the available image types in help. Also, rather than
hacking the genimg_get_type_id() function to display a list of types,
do this in the tool. Also, sort the list.

The list of image types is quite long, and hard to discover. Print it out
when we show help information.

Signed-off-by: Simon Glass <sjg@chromium.org>
2015-07-21 17:39:20 -06:00
Karl Apsite
84a07dbfd8 add boot_get_loadables() to load listed images
Added a trimmed down instance of boot_get_<thing>() to satisfy the
minimum requierments of the added feature.  The function follows the
normal patterns set by other boot_get<thing>'s, which should make it a
bit easier to combine them all together into one boot_get_image()
function in a later refactor.

Documentation for the new function can be found in source:
  include/image.h

Signed-off-by: Karl Apsite <Karl.Apsite@dornerworks.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2015-05-28 08:18:20 -04:00
Karl Apsite
ecf8cd6535 mkimage will now report information about loadable
Added FIT_LOADABLE_PROP, so the user can identify an optional entry
named "loadables" in their .its configuration. "loadables" is a comma
separated list in the .its

Documentation can be found in doc/uImage.FIT/source_file_format.txt and
                              doc/uImage.Fit/multi-with-loadables.its

Signed-off-by: Karl Apsite <Karl.Apsite@dornerworks.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2015-05-28 08:18:20 -04:00
Jörg Krause
26e355d131 Fix musl build
This patch fixes cross-compiling U-Boot tools with the musl C library:
  * including <sys/types.h> is needed for ulong
  * defining _GNU_SOURCE is needed for loff_t

Tested for target at91sam9261ek_dataflash_cs3.

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Cc: Tom Rini <trini@konsulko.com>
2015-05-08 17:24:17 -04:00
Albert ARIBAUD \(3ADEV\)
39f520bb62 lpc32xx: add lpc32xx-spl.bin boot image target
Signed-off-by: Albert ARIBAUD (3ADEV) <albert.aribaud@3adev.fr>
2015-04-10 14:23:26 +02:00
Tom Rini
8e3da9dd11 Merge branch 'master' of git://git.denx.de/u-boot-dm 2015-01-30 09:24:42 -05:00
Ruchika Gupta
b37b46f042 rsa: Use checksum algorithms from struct hash_algo
Currently the hash functions used in RSA are called directly from the sha1
and sha256 libraries. Change the RSA checksum library to use the progressive
hash API's registered with struct hash_algo. This will allow the checksum
library to use the hardware accelerated progressive hash API's once available.

Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com>
CC: Simon Glass <sjg@chromium.org>
Acked-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Simon Glass <sjg@chromium.org>
(Fixed build error in am335x_boneblack_vboot due to duplicate CONFIG_DM)

Change-Id: Ic44279432f88d4e8594c6e94feb1cfcae2443a54
2015-01-29 17:09:59 -07:00
Guilherme Maciel Ferreira
39931f966a dumpimage: fit: extract FIT images
The dumpimage is able to extract components contained in a FIT image:

  $ ./dumpimage -T flat_dt -i CONTAINER.ITB -p INDEX FILE

The CONTAINER.ITB is a regular FIT container file. The INDEX is the poisition
of the sub-image to be retrieved, and FILE is the file (path+name) to save the
extracted sub-image.

For example, given the following kernel.its to build a kernel.itb:

  /dts-v1/;
  / {
      ...
      images {
        kernel@1 {
          description = "Kernel 2.6.32-34";
          data = /incbin/("/boot/vmlinuz-2.6.32-34-generic");
          type = "kernel";
          arch = "ppc";
          os = "linux";
          compression = "gzip";
          load = <00000000>;
          entry = <00000000>;
          hash@1 {
            algo = "md5";
          };
        };
        ...
      };
      ...
    };

The dumpimage can extract the 'kernel@1' node through the following command:

  $ ./dumpimage -T flat_dt -i kernel.itb -p 0 kernel
  Extracted:
   Image 0 (kernel@1)
    Description:  Kernel 2.6.32-34
    Created:      Wed Oct 22 15:50:26 2014
    Type:         Kernel Image
    Compression:  gzip compressed
    Data Size:    4040128 Bytes = 3945.44 kB = 3.85 MB
    Architecture: PowerPC
    OS:           Linux
    Load Address: 0x00000000
    Entry Point:  0x00000000
    Hash algo:    md5
    Hash value:   22352ad39bdc03e2e50f9cc28c1c3652

Which results in the file 'kernel' being exactly the same as '/boot/vmlinuz-2.6.32-34-generic'.

Signed-off-by: Guilherme Maciel Ferreira <guilherme.maciel.ferreira@gmail.com>
2015-01-29 13:38:41 -05:00
Marek Vasut
67ddd955fc image: bootm: Add OpenRTOS image type
Add separate image type for the Wittenstein OpenRTOS .

Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Simon Glass <sjg@chromium.org>
Cc: Tom Rini <trini@ti.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2015-01-14 11:37:39 -05:00
Simon Glass
c654b5172a fdt: Add ft_system_setup() function for system device tree additions
Add an additional function for adding information to the device tree before
booting. This permits additions which are not board-specific.

Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Anatolij Gustschin <agust@denx.de>
Reviewed-by: Tom Rini <trini@ti.com>
2014-11-21 04:43:18 +01:00
Simon Glass
5bda35cffa x86: image: Add new image type for x64_64
This is a bit odd in that we are permitted to boot images for either, even
though they are separate architectures.

Signed-off-by: Simon Glass <sjg@chromium.org>
2014-10-28 20:44:04 -06:00
Simon Glass
90268b878b x86: Support loading kernel setup from a FIT
Add a new setup@ section to the FIT which can be used to provide a setup
binary for booting Linux on x86. This makes it possible to boot x86 from
a FIT.

Signed-off-by: Simon Glass <sjg@chromium.org>
2014-10-22 09:03:06 -06:00
Charles Manning
832472a94d tools: socfpga: Add socfpga preloader signing to mkimage
Like many platforms, the Altera socfpga platform requires that the
preloader be "signed" in a certain way or the built-in boot ROM will
not boot the code.

This change automatically creates an appropriately signed preloader
from an SPL image.

The signed image includes a CRC which must, of course, be generated
with a CRC generator that the SoCFPGA boot ROM agrees with otherwise
the boot ROM will reject the image.

Unfortunately the CRC used in this boot ROM is not the same as the
Adler CRC in lib/crc32.c. Indeed the Adler code is not technically a
CRC but is more correctly described as a checksum.

Thus, the appropriate CRC generator is added to lib/ as crc32_alt.c.

Signed-off-by: Charles Manning <cdhmanning@gmail.com>
Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Chin Liang See <clsee@altera.com>
Cc: Dinh Nguyen <dinguyen@altera.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Tom Rini <trini@ti.com>
Cc: Wolfgang Denk <wd@denx.de>
Cc: Pavel Machek <pavel@denx.de>
Acked-by: Pavel Machek <pavel@denx.de>

V2: - Zap unused constant
    - Explicitly print an error message in case of error
    - Rework the hdr_checksum() function to take the *header directly
      instead of a plan buffer pointer
2014-10-06 17:38:17 +02:00
Simon Glass
fe20a81a68 Fix test failure caused by bad handling of ramdisk
Commit e3a5bbce broke the FIT image tests by not loading a ramdisk even if
a load address is provided in the FIT. The rationale was that a load address
of 0 should be considered to mean 'do not load'.

Add a new load operation which supports this feature, so that the ramdisk
will be loaded if a non-zero load address is provided.

Signed-off-by: Simon Glass <sjg@chromium.org>
2014-08-28 17:18:48 -04:00
Bryan Wu
6c454fedf5 image: fix bootm failure for FIT image
Commit b3dd64f5d5 "bootm: use genimg_get_kernel_addr()" introduced
a bug for booting FIT image. It's because calling fit_parse_config()
twice will give us wrong value in img_addr.

Add a new function genimg_get_kernel_addr_fit() whichl will always
return fit_uname_config and fit_uname_kernel for CONFIG_FIT.
genimg_get_kernel_addr() will ignore those to parameters.

Reported-by: York Sun <yorksun@freescale.com>
Signed-off-by: Bryan Wu <pengw@nvidia.com>
2014-08-21 12:01:29 -04:00
Bryan Wu
0f64140b69 image: introduce genimg_get_kernel_addr()
Kernel address is normally stored as a string argument of bootm or bootz.
This function is taken out from boot_get_kernel() of bootm.c, which can be
reused by others.

Signed-off-by: Bryan Wu <pengw@nvidia.com>
[trini: Fix warnings with CONFIG_FIT]
Signed-off-by: Tom Rini <trini@ti.com>
2014-08-09 11:18:47 -04:00
Dirk Eibach
9a4f479b64 fit: make sha256 support optional
sha256 has some beefy memory footprint.
Make it optional for constrained systems.

Signed-off-by: Dirk Eibach <dirk.eibach@gdsys.cc>
2014-07-07 19:47:19 -04:00
Jeroen Hofstee
2b9912e6a7 includes: move openssl headers to include/u-boot
commit 18b06652cd "tools: include u-boot version of sha256.h"
unconditionally forced the sha256.h from u-boot to be used
for tools instead of the host version. This is fragile though
as it will also include the host version. Therefore move it
to include/u-boot to join u-boot/md5.h etc which were renamed
for the same reason.

cc: Simon Glass <sjg@chromium.org>
Signed-off-by: Jeroen Hofstee <jeroen@myspectrum.nl>
2014-06-19 11:19:04 -04:00
Simon Glass
ce1400f694 Enhance fit_check_sign to check all images
At present this tool only checks the configuration signing. Have it also
look at each of the images in the configuration and confirm that they
verify.

Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Heiko Schocher <hs@denx.de> (v1)
2014-06-19 11:19:02 -04:00
Simon Glass
126cc86420 image: Remove the fit_load_image() property parameter
This can be obtained by looking up the image type, so is redundant. It is
better to centralise this lookup to avoid errors.

Signed-off-by: Simon Glass <sjg@chromium.org>
2014-06-19 11:18:59 -04:00
Michael van der Westhuizen
1de7bb4f27 Prevent a buffer overflow in mkimage when signing with SHA256
Due to the FIT_MAX_HASH_LEN constant not having been updated
to support SHA256 signatures one will always see a buffer
overflow in fit_image_process_hash when signing images that
use this larger hash.  This is exposed by vboot_test.sh.

Signed-off-by: Michael van der Westhuizen <michael@smart-africa.com>
Acked-by: Simon Glass <sjg@chromium.org>
[trini: Rework a bit so move the exportable parts of hash.h outside of
 !USE_HOSTCC and only need that as a new include to image.h]
Signed-off-by: Tom Rini <trini@ti.com>
2014-06-05 17:01:23 -04:00
Heiko Schocher
21d29f7f9f bootm: make use of legacy image format configurable
make the use of legacy image format configurable through
the config define CONFIG_IMAGE_FORMAT_LEGACY.

When relying on signed FIT images with required signature check
the legacy image format should be disabled. Therefore introduce
this new define and enable legacy image format if CONFIG_FIT_SIGNATURE
is not set. If CONFIG_FIT_SIGNATURE is set disable per default
the legacy image format.

Signed-off-by: Heiko Schocher <hs@denx.de>
Cc: Simon Glass <sjg@chromium.org>
Cc: Lars Steubesand <lars.steubesand@philips.com>
Cc: Mike Pearce <mike@kaew.be>
Cc: Wolfgang Denk <wd@denx.de>
Cc: Tom Rini <trini@ti.com>
Cc: Michal Simek <monstr@monstr.eu>
Acked-by: Simon Glass <sjg@chromium.org>
2014-06-05 14:44:56 -04:00
Andreas Bießmann
7b1a411743 mkimage: add atmelimage
The new atmelimage converts a machine code BLOB to bootable ROM image. Atmel
ROM has no sophisticated image format, it only checks the first 7 ARM vectors.
The vectors can contain valid B or LDR opcodes, the 6'th vector contains the
image size to load.

Additionally the PMECC header can be written by the atmelimage target. The
parameters must be given via the -n switch as a coma separated list. For
example:

mkimage -T atmelimage \
 -n usePmecc=1,sectorPerPage=4,sectorSize=512,spareSize=64,eccBits=4,eccOffset=36 \
 -d spl/u-boot-spl.bin boot.bin

A provided image can be checked for correct header setup. It prints out the
PMECC header parameters if it has one and the 6'th interrupt vector content.

---8<---
Image Type:	ATMEL ROM-Boot Image with PMECC Header
		PMECC header
		====================
		eccOffset:        36
		sectorSize:      512
		eccBitReq:         4
		spareSize:        64
		nbSectorPerPage:   4
		usePmecc:          1
		====================
		6'th vector has 17044 set
--->8---

A SPL binary modified with the atmelimage mkimage target was succesfully
booted on a sama5d34ek via MMC and NAND.

Signed-off-by: Andreas Bießmann <andreas.devel@googlemail.com>
Cc: Bo Shen <voice.shen@atmel.com>
Cc: Heiko Schocher <hs@denx.de>
Tested-by: Bo Shen <voice.shen@atmel.com>
2014-05-27 00:10:48 +02:00
Tom Rini
c9afa7cea8 Merge branch 'master' of git://git.denx.de/u-boot-usb 2014-05-22 12:56:15 -04:00
Albert ARIBAUD
d2a3e91139 Merge branch 'u-boot/master'
Conflicts:
	drivers/net/Makefile

(trivial merge)
2014-05-09 11:50:14 +02:00
Sebastian Siewior
9ace3fc814 image: add support for Android's boot image format
This patch adds support for the Android boot-image format. The header
file is from the Android project and got slightly alterted so the struct +
its defines are not generic but have something like a namespace. The
header file is from bootloader/legacy/include/boot/bootimg.h. The header
parsing has been written from scratch and I looked at
bootloader/legacy/usbloader/usbloader.c for some details.
The image contains the physical address (load address) of the kernel and
ramdisk. This address is considered only for the kernel image.
The "second image" defined in the image header is currently not
supported. I haven't found anything that is creating this.

v3 (Rob Herring):
This is based on http://patchwork.ozlabs.org/patch/126797/ with the
following changes:
- Rebased to current mainline
- Moved android image handling to separate functions in
  common/image-android.c
- s/u8/char/ in header to fix string function warnings
- Use SPDX identifiers for licenses
- Cleaned-up file source information:
  android_image.h is from file include/boot/bootimg.h in repository:
  https://android.googlesource.com/platform/bootable/bootloader/legacy
  The git commit hash is 4205b865141ff2e255fe1d3bd16de18e217ef06a
  usbloader.c would be from the same commit, but it does not appear
  to have been used for any actual code.
v4:
- s/andriod/android/
- Use a separate flag ep_found to track if the entry point has been set
rather than using a magic value.

Cc: Wolfgang Denk <wd@denx.de>
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Signed-off-by: Rob Herring <robh@kernel.org>
Reviewed-by: Tom Rini <trini@ti.com>
Reviewed-by: Lukasz Majewski <l.majewski@samsung.com>
2014-05-08 10:38:29 +02:00
Karicheri, Muralidharan
bf411ea9f1 tools: mkimage: add support for gpimage format
This patch add support for gpimage format as a preparatory
patch for porting u-boot for keystone2 devices and is
based on omapimage format. It re-uses gph header to store the
size and loadaddr as done in omapimage.c

Signed-off-by: Vitaly Andrianov <vitalya@ti.com>
Signed-off-by: Murali Karicheri <m-karicheri2@ti.com>
Acked-by: Tom Rini <trini@ti.com>
2014-04-17 17:24:38 -04:00
Heiko Schocher
29a23f9d6c tools, fit_check_sign: verify a signed fit image
add host tool "fit_check_sign" which verifies, if a fit image is
signed correct.

Signed-off-by: Heiko Schocher <hs@denx.de>
Cc: Simon Glass <sjg@chromium.org>
2014-03-21 16:40:38 -04:00
Heiko Schocher
db1b5f3d20 rsa: add sha256,rsa4096 algorithm
Add support for sha256,rsa4096 signatures in u-boot.

Signed-off-by: Heiko Schocher <hs@denx.de>
Acked-by: Simon Glass <sjg@chromium.org>
Cc: andreas@oetken.name
2014-03-21 16:39:35 -04:00
Heiko Schocher
646257d1f4 rsa: add sha256-rsa2048 algorithm
based on patch from andreas@oetken.name:

http://patchwork.ozlabs.org/patch/294318/
commit message:
I currently need support for rsa-sha256 signatures in u-boot and found out that
the code for signatures is not very generic. Thus adding of different
hash-algorithms for rsa-signatures is not easy to do without copy-pasting the
rsa-code. I attached a patch for how I think it could be better and included
support for rsa-sha256. This is a fast first shot.

aditionally work:
- removed checkpatch warnings
- removed compiler warnings
- rebased against current head

Signed-off-by: Heiko Schocher <hs@denx.de>
Cc: andreas@oetken.name
Cc: Simon Glass <sjg@chromium.org>
2014-03-21 16:39:34 -04:00
Heiko Schocher
2842c1c242 fit: add sha256 support
add sha256 support to fit images

Signed-off-by: Heiko Schocher <hs@denx.de>
Acked-by: Simon Glass <sjg@chromium.org>
2014-03-21 16:39:33 -04:00
Masahiro Yamada
95f7062710 fdt: rename IMAAGE_OF_BOARD_SETUP to IMAGE_OF_BOARD_SETUP
Signed-off-by: Masahiro Yamada <yamada.m@jp.panasonic.com>
Acked-by: Simon Glass <sjg@chromium.org>
2014-02-19 10:47:30 -05:00
Alexey Brodkin
bc5d542880 arc: bdinfo, image and arc-specific init functions declarations support
Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>

Cc: Vineet Gupta <vgupta@synopsys.com>
Cc: Francois Bedard <fbedard@synopsys.com>
Cc: Wolfgang Denk <wd@denx.de>
Cc: Heiko Schocher <hs@denx.de>
2014-02-07 08:14:33 -05:00
David Feng
0ae7653128 arm64: core support
Relocation code based on a patch by Scott Wood, which is:
Signed-off-by: Scott Wood <scottwood@freescale.com>

Signed-off-by: David Feng <fenghua@phytium.com.cn>
2014-01-09 16:08:44 +01:00
Marek Vasut
bce8837071 ARM: mxs: tools: Add mkimage support for MXS bootstream
Add mkimage support for generating and verifying MXS bootstream.
The implementation here is mostly a glue code between MXSSB v0.4
and mkimage, but the long-term goal is to rectify this and merge
MXSSB with mkimage more tightly. Once this code is properly in
U-Boot, MXSSB shall be deprecated in favor of mkimage-mxsimage
support.

Note that the mxsimage generator needs libcrypto from OpenSSL, I
therefore enabled the libcrypto/libssl unconditionally.

MXSSB: http://git.denx.de/?p=mxssb.git;a=summary

The code is based on research presented at:
http://www.rockbox.org/wiki/SbFileFormat

Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Tom Rini <trini@ti.com>
Cc: Fabio Estevam <fabio.estevam@freescale.com>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Otavio Salvador <otavio@ossystems.com.br>
2013-08-31 15:26:52 +02:00
Wolfgang Denk
1a4596601f Add GPL-2.0+ SPDX-License-Identifier to source files
Signed-off-by: Wolfgang Denk <wd@denx.de>
[trini: Fixup common/cmd_io.c]
Signed-off-by: Tom Rini <trini@ti.com>
2013-07-24 09:44:38 -04:00
Simon Glass
f320a4d845 bootm: Use selected configuration for ramdisk and fdt
If a specific configuraion is selected by the bootm command, e.g. with
'bootm 84000000#recoveryconf' we must honour this for not just the kernel,
but also the ramdisk and FDT.

In the conversion to using a common fit_image_load() function for loading
images from FITs (commits a51ec63 and 53f375f) this feature was lost.
Reinstate it by passing the selected configuration back from
fit_image_load() to boot_get_kernel(), then use this configuration
(which is stored in images->fit_uname_cfg) in both boot_get_ramdisk()
and boot_get_fdt().

Signed-off-by: Simon Glass <sjg@chromium.org>
2013-07-12 10:32:39 -04:00
Simon Glass
a5266d6b5d bootm: Clean up bootz_setup() function
This function has no prototype in the headers and passes void * around, thus
requiring several casts. Tidy this up.

- Add new patch to clean up bootz_setup() function

Signed-off-by: Simon Glass <sjg@chromium.org>
2013-07-10 09:15:14 -04:00
Simon Glass
29ce737d6f mkimage: Build signing only if board has CONFIG_FIT_SIGNATURE
At present mkimage is set up to always build with image signing support.
This means that the SSL libraries (e.g. libssl-dev) are always required.

Adjust things so that mkimage can be built with and without image signing,
controlled by the presence of CONFIG_FIT_SIGNATURE in the board config file.

If CONFIG_FIT_SIGNATURE is not enabled, then mkimage will report a warning
that signing is not supported. If the option is enabled, but libraries are
not available, then a build error similar to this will be shown:

lib/rsa/rsa-sign.c:26:25: fatal error: openssl/rsa.h: No such file or directory

Signed-off-by: Simon Glass <sjg@chromium.org>
2013-06-28 16:26:52 -04:00
Simon Glass
4d0985295b image: Add support for signing of FIT configurations
While signing images is useful, it does not provide complete protection
against several types of attack. For example, it it possible to create a
FIT with the same signed images, but with the configuration changed such
that a different one is selected (mix and match attack). It is also possible
to substitute a signed image from an older FIT version into a newer FIT
(roll-back attack).

Add support for signing of FIT configurations using the libfdt's region
support.

Please see doc/uImage.FIT/signature.txt for more information.

Signed-off-by: Simon Glass <sjg@chromium.org>
2013-06-26 10:18:56 -04:00
Simon Glass
56518e7104 image: Support signing of images
Add support for signing images using a new signature node. The process
is handled by fdt_add_verification_data() which now takes parameters to
provide the keys and related information.

Signed-off-by: Simon Glass <sjg@chromium.org>
2013-06-26 10:18:56 -04:00
Simon Glass
3e569a6b1e image: Add signing infrastructure
Add a structure to describe an algorithm which can sign and (later) verify
images.

Signed-off-by: Simon Glass <sjg@chromium.org>
2013-06-26 10:18:56 -04:00
Simon Glass
d0ae31eb07 Add a 'fake' go command to the bootm command
For tracing it is useful to run as much of U-Boot as possible so as to get
a complete picture. Quite a bit of work happens in bootm, and we don't want
to have to stop tracing before bootm starts.

Add a way of doing a 'fake' boot of the OS - which does everything up to
the point where U-Boot is about to jump to the OS image. This allows
tracing to record right until the end.

This requires arch support to work.

Signed-off-by: Simon Glass <sjg@chromium.org>
2013-06-26 10:18:56 -04:00
Simon Glass
35fc84fa1f Refactor the bootm command to reduce code duplication
At present the bootm code is mostly duplicated for the plain 'bootm'
command and its sub-command variant. This makes the code harder to
maintain and means that changes must be made to several places.

Introduce do_bootm_states() which performs selected portions of the bootm
work, so that both plain 'bootm' and 'bootm <sub_command>' can use the
same code.

Additional duplication exists in bootz, so tidy that up as well. This
is not intended to change behaviour, apart from minor fixes where the
previously-duplicated code missed some chunks of code.

Signed-off-by: Simon Glass <sjg@chromium.org>
2013-06-26 10:18:56 -04:00
Simon Glass
4651800d51 image: Use fit_image_load() to load kernel
Use the new common code to load a kernel. The functionality should not
change.

Signed-off-by: Simon Glass <sjg@chromium.org>
2013-06-04 16:06:31 -04:00
Simon Glass
53f375fa81 image: Use fit_image_load() to load FDT
Use the new common code to load a flat device tree. Also fix up a few casts
so that this code works with sandbox. Other than that the functionality
should not change.

Signed-off-by: Simon Glass <sjg@chromium.org>
2013-06-04 16:06:31 -04:00
Simon Glass
a51ec63b85 image: Use fit_image_load() to load ramdisk
Use the new common code to load a ramdisk. The functionality should not
change.

Signed-off-by: Simon Glass <sjg@chromium.org>
2013-06-04 16:06:31 -04:00
Simon Glass
782cfbb259 image: Introduce fit_image_load() to load images from FITs
At present code to load an image from a FIT is duplicated in the three
places where it is needed (kernel, fdt, ramdisk).

The differences between these different code copies is fairly minor.
Create a new function in the fit code which can handle any of the
requirements of those cases.

Signed-off-by: Simon Glass <sjg@chromium.org>
2013-06-04 16:06:31 -04:00
Simon Glass
13d06981a9 image: Add device tree setup to image library
This seems to be a common function for several architectures, so create
a common function rather than duplicating the code in each arch.

Also make an attempt to avoid introducing #ifdefs in the new code, partly
by removing useless #ifdefs around function declarations in the image.h
header.

Signed-off-by: Simon Glass <sjg@chromium.org>
2013-05-14 15:37:25 -04:00
Simon Glass
87ebee39e9 image: Add CONFIG_FIT_SPL_PRINT to control FIT image printing in SPL
This code is very large, and in SPL it isn't always useful to print
out image information (in fact there might not even be a console
active). So disable this feature unless this option is set.

Signed-off-by: Simon Glass <sjg@chromium.org>
2013-05-14 15:37:25 -04:00
Simon Glass
1fe7d93891 image: Remove remaining #ifdefs in image-fit.c
There are only two left. One is unnecessary and the other can be moved
to the header file.

Signed-off-by: Simon Glass <sjg@chromium.org>
2013-05-14 15:37:25 -04:00
Simon Glass
35e7b0f179 sandbox: image: Add support for booting images in sandbox
Much of the image code uses addresses as ulongs and pointers interchangeably,
casting between the two forms as needed.

This doesn't work with sandbox, which has a U-Boot RAM buffer which is
separate from the host machine's memory.

Adjust the cost so that translating from a U-Boot address to a pointer uses
map_sysmem(). This allows bootm to work correctly on sandbox.

Note that there are no exhaustive tests for this code on sandbox, so it is
possible that some dark corners remain.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Marek Vasut <marex@denx.de> (v1)
2013-05-14 15:37:25 -04:00
Simon Glass
d8b75360ee image: Rename hash printing to fit_image_print_verification_data()
This function will be used to print signatures as well as hashes, so rename
it. Also make it static since it is not used outside this file.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Marek Vasut <marex@denx.de>
2013-05-14 15:37:25 -04:00
Simon Glass
bbb467dc3c image: Rename fit_add_hashes() to fit_add_verification_data()
We intend to add signatures to FITs also, so rename this function so that
it is not specific to hashing. Also rename fit_image_set_hashes() and
make it static since it is not used outside this file.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Marek Vasut <marex@denx.de>
2013-05-14 15:37:25 -04:00