Commit graph

288 commits

Author SHA1 Message Date
Alexandru Gagniuc
36bfcb62b3 mkimage: Add a 'keyfile' argument for image signing
It's not always desirable to use 'keydir' and some ad-hoc heuristics
to get the filename of the signing key. More often, just passing the
filename is the simpler, easier, and logical thing to do.

Since mkimage doesn't use long options, we're slowly running out of
letters. I've chosen '-G' because it was available.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-04-14 15:23:01 -04:00
Alexandru Gagniuc
ed6c9e0b66 lib: Add support for ECDSA image signing
mkimage supports rsa2048, and rsa4096 signatures. With newer silicon
now supporting hardware-accelerated ECDSA, it makes sense to expand
signing support to elliptic curves.

Implement host-side ECDSA signing and verification with libcrypto.
Device-side implementation of signature verification is beyond the
scope of this patch.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-04-14 15:06:08 -04:00
Alexandru Gagniuc
0bcb28dfb9 lib: Rename rsa-checksum.c to hash-checksum.c
rsa-checksum.c sontains the hash_calculate() implementations. Despite
the "rsa-" file prefix, this function is useful for other algorithms.

To prevent confusion, move this file to lib/, and rename it to
hash-checksum.c, to give it a more "generic" feel.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-04-14 15:06:08 -04:00
Tom Rini
1057b1be75 Prepare v2021.04-rc5
-----BEGIN PGP SIGNATURE-----
 
 iQGzBAABCgAdFiEEGjx/cOCPqxcHgJu/FHw5/5Y0tywFAmBiRbMACgkQFHw5/5Y0
 tyz0KAv/T8glQGL6L2CYeLuwbs9tndQoaH2YNb3teNUJrqehBleJAQ6ubHP30d87
 rHrokJ4Zu3TC15sACrK4GOMvsAVkeCuU/jIqFJA4ieDZr8g7yfUMOZMsDiIFdd36
 Rdmi71Jtek/csyS5BfcUUYoXVbUCGQ8yAx7z0VrK0sqsqZYYJNwPmqgkR8U2ulNb
 FiLxwamFwH7+bsvcvHajO1dOyko0zR7GTisf/fOgmlHuF3BldqG4SDcNd528uEWb
 r3fXs2Ut6IaC/beCnmKUPVG3ZjdPtb+T230rRRhUOfjTwqR7SzXp5bTyzdgyw3gU
 rOgfi/mAGQPPG2E2fzPz0JCI1irbnkSE2fVJ4epaVUCoHIEsQQdy034aD3qLcHFY
 65ihEpRvCM7s9jfKX8XeIG4rKFB4i60TX5orzdMvx7wV3rxmPE9qQmF9lkD+fEA+
 TPuFtkjGmluSe+xWBVK7+6xuF6rcLEbNXuFWRi3qMSMgH8rtGfeJRonusOGPolwC
 jQ1T7szW
 =UJ/O
 -----END PGP SIGNATURE-----

Merge tag 'v2021.04-rc5' into next

Prepare v2021.04-rc5
2021-03-29 18:00:21 -04:00
Simon Glass
e2734d647e sandbox: image: Allow sandbox to load any image
Sandbox is special in that it is used for testing and it does not match
any particular target architecture. Allow it to load an image from any
architecture, so that 'bootm' can be used as needed.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-03-27 15:04:31 +13:00
Simon Glass
29cbc4babf image: Avoid -ENODATA in host tools
Unfortunately -ENODATA is not available in OpenBSD. Use -EBADMSG
instead, to indicate a missing timestamp.

Fixes: c5819701a3 image: Adjust the workings of fit_check_format()
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Mark Kettenis <kettenis@openbsd.org>
2021-03-17 12:50:19 -04:00
Alexandru Gagniuc
9e30423978 image: Do not #if guard board_fit_image_post_process() prototype
There's no point in guarding function prototypes with #ifdefs. If a
function is not defined, the linker will notice. Having the prototype
does not affect code size.

What the #if guard takes away is the ability to use IS_ENABLED:

	if (CONFIG_IS ENABLED(FIT_IMAGE_POST_PROCESS))
		board_fit_image_post_process(...)

When the prototype is guarded, the above form cannot be used. This
leads to the proliferation of #ifdefs, and unreadable code. The
opportunity cost of the #if guard outweighs any benefits. Remove it.

Since the original version of this patch, an empty definition was
added by commit f14e6eec6c ("image: cleanup pre-processor usage").
The empty definition can cause silent failures, when an implementation
of board_fit_image_post_process() is expected because the linker will
not catch the missing function. Thus this patch removes this empty
inline declaration.

Fixes: f14e6eec6c ("image: cleanup pre-processor usage")
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-02-17 19:46:43 -05:00
Simon Glass
c5819701a3 image: Adjust the workings of fit_check_format()
At present this function does not accept a size for the FIT. This means
that it must be read from the FIT itself, introducing potential security
risk. Update the function to include a size parameter, which can be
invalid, in which case fit_check_format() calculates it.

For now no callers pass the size, but this can be updated later.

Also adjust the return value to an error code so that all the different
types of problems can be distinguished by the user.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Bruce Monroe <bruce.monroe@intel.com>
Reported-by: Arie Haenel <arie.haenel@intel.com>
Reported-by: Julien Lenoir <julien.lenoir@intel.com>
2021-02-15 22:31:52 -05:00
Andre Przywara
6d295099cc tools: mkimage: Add Allwinner eGON support
So far we used the separate mksunxiboot tool for generating a bootable
image for Allwinner SPLs, probably just for historical reasons.

Use the mkimage framework to generate a so called eGON image the
Allwinner BROM expects.
The new image type is called "sunxi_egon", to differentiate it
from the (still to be implemented) secure boot TOC0 image.

Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: Jernej Skrabec <jernej.skrabec@siol.net>
Reviewed-by: Samuel Holland <samuel@sholland.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-01-11 23:19:33 +00:00
Sebastian Reichel
f14e6eec6c image: cleanup pre-processor usage
Replace most #ifdef checks for USE_HOSTCC and CONFIG_*
with normal if instructions.

Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Sebastian Reichel <sebastian.reichel@collabora.com>
2021-01-05 08:21:48 -05:00
AKASHI Takahiro
3149e524fc common: update: add a generic interface for FIT image
The main purpose of this patch is to separate a generic interface for
updating firmware using DFU drivers from "auto-update" via tftp.

This function will also be used in implementing UEFI capsule update
in a later commit.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
2020-10-30 14:20:27 +01:00
Naoki Hayama
898a084953 cosmetic: image: Fix comments and the order of definitions
Fix some comments about functions.
Move genimg_get_comp_name() above genimg_get_short_name() because
genimg_get_comp_name() is related to get_table_entry_name().

Signed-off-by: Naoki Hayama <naoki.hayama@lineo.co.jp>
Reviewed-by: Simon Glass <sjg@chromium.org>
2020-10-22 09:54:52 -04:00
Naoki Hayama
02d41b01bd image: Add a function to modify category information
Add a generic function which can check whether a category has an
entry ID.

Signed-off-by: Naoki Hayama <naoki.hayama@lineo.co.jp>
Reviewed-by: Simon Glass <sjg@chromium.org>
2020-10-22 09:54:52 -04:00
Philippe Reynes
a6982a6f76 fit: cipher: aes: allow to store the IV in the FIT image
Binaries may be encrypted in a FIT image with AES. This
algo needs a key and an IV (Initialization Vector). The
IV is provided in a file (pointer by iv-name-hint in the
ITS file) when building the ITB file.

This commits adds provide an alternative way to manage
the IV. If the property iv-name-hint is not provided in
the ITS file, the tool mkimage will generate an random
IV and store it in the FIT image.

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
2020-10-12 21:30:37 -04:00
Masahiro Yamada
b75d8dc564 treewide: convert bd_t to struct bd_info by coccinelle
The Linux coding style guide (Documentation/process/coding-style.rst)
clearly says:

  It's a **mistake** to use typedef for structures and pointers.

Besides, using typedef for structures is annoying when you try to make
headers self-contained.

Let's say you have the following function declaration in a header:

  void foo(bd_t *bd);

This is not self-contained since bd_t is not defined.

To tell the compiler what 'bd_t' is, you need to include <asm/u-boot.h>

  #include <asm/u-boot.h>
  void foo(bd_t *bd);

Then, the include direcective pulls in more bloat needlessly.

If you use 'struct bd_info' instead, it is enough to put a forward
declaration as follows:

  struct bd_info;
  void foo(struct bd_info *bd);

Right, typedef'ing bd_t is a mistake.

I used coccinelle to generate this commit.

The semantic patch that makes this change is as follows:

  <smpl>
  @@
  typedef bd_t;
  @@
  -bd_t
  +struct bd_info
  </smpl>

Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
2020-07-17 09:30:13 -04:00
Robert Marko
26073f9ed3 image: Add support for ZSTD decompression
This patch adds support for ZSTD decompression of FIT images.

Signed-off-by: Robert Marko <robert.marko@sartura.hr>
Cc: Luka Perkov <luka.perkov@sartura.hr>
2020-07-07 15:37:13 -04:00
Reuben Dowle
d16b38f427 Add support for SHA384 and SHA512
The current recommendation for best security practice from the US government
is to use SHA384 for TOP SECRET [1].

This patch adds support for SHA384 and SHA512 in the hash command, and also
allows FIT images to be hashed with these algorithms, and signed with
sha384,rsaXXXX and sha512,rsaXXXX

The SHA implementation is adapted from the linux kernel implementation.

[1] Commercial National Security Algorithm Suite
http://www.iad.gov/iad/programs/iad-initiatives/cnsa-suite.cfm

Signed-off-by: Reuben Dowle <reuben.dowle@4rf.com>
2020-06-12 13:14:07 -04:00
Simon Glass
0914011310 command: Remove the cmd_tbl_t typedef
We should not use typedefs in U-Boot. They cannot be used as forward
declarations which means that header files must include the full header to
access them.

Drop the typedef and rename the struct to remove the _s suffix which is
now not useful.

This requires quite a few header-file additions.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-05-18 18:36:55 -04:00
Atish Patra
155d6a3575 image: Add a common compression type detection function.
Currently, there is no method that can detect compression types
given a file. This is very useful where a compressed kernel image
is loaded directly to the memory.

Inspect initial few bytes to figure out compression type of the
image. It will be used in booti method for now but can be reused
any other function in future as well.

Signed-off-by: Atish Patra <atish.patra@wdc.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
2020-04-17 12:32:36 -04:00
Tom Rini
1f47e2aca4 Xilinx changes for v2020.07
common:
 - Align ENV_FAT_INTERFACE
 - Fix MAC address source print log
 - Improve based autodetection code
 
 xilinx:
 - Enable netconsole
 
 Microblaze:
 - Setup default ENV_OFFSET/ENV_SECT_SIZE
 
 Zynq:
 - Multiple DT updates/fixes
 - Use DEVICE_TREE environment variable for DTB selection
 - Switch to single zynq configuration
 - Enable NOR flash via DM
 - Minor SPL print removal
 - Enable i2c mux driver
 
 ZynqMP:
 - Print multiboot register
 - Enable cache commands in mini mtest
 - Multiple DT updates/fixes
 - Fix firmware probing when driver is not enabled
 - Specify 3rd backup RAM boot mode in SPL
 - Add SPL support for zcu102 v1.1 and zcu111 revA
 - Redesign debug uart enabling and psu_init delay
 - Enable full u-boot run from EL3
 - Enable u-boot.itb generation without ATF with U-Boot in EL3
 
 Versal:
 - Enable distro default
 - Enable others SPI flashes
 - Enable systems without DDR
 
 Drivers:
 - Gem:
   - Flush memory after freeing
   - Handle mdio bus separately
 - Watchdog:
   - Get rid of unused global data pointer
   - Enable window watchdog timer
 - Serial:
   - Change reinitialization logic in zynq serial driver
 -----BEGIN PGP SIGNATURE-----
 
 iF0EABECAB0WIQQbPNTMvXmYlBPRwx7KSWXLKUoMIQUCXoxw9wAKCRDKSWXLKUoM
 IbQxAKCK23yTy4FoN8oTGTYsbmLOA9kVUQCbBx8lg4nBeA8ihSaAnY+HMDF37YI=
 =Lg54
 -----END PGP SIGNATURE-----

Merge tag 'xilinx-for-v2020.07' of https://gitlab.denx.de/u-boot/custodians/u-boot-microblaze into next

Xilinx changes for v2020.07

common:
- Align ENV_FAT_INTERFACE
- Fix MAC address source print log
- Improve based autodetection code

xilinx:
- Enable netconsole

Microblaze:
- Setup default ENV_OFFSET/ENV_SECT_SIZE

Zynq:
- Multiple DT updates/fixes
- Use DEVICE_TREE environment variable for DTB selection
- Switch to single zynq configuration
- Enable NOR flash via DM
- Minor SPL print removal
- Enable i2c mux driver

ZynqMP:
- Print multiboot register
- Enable cache commands in mini mtest
- Multiple DT updates/fixes
- Fix firmware probing when driver is not enabled
- Specify 3rd backup RAM boot mode in SPL
- Add SPL support for zcu102 v1.1 and zcu111 revA
- Redesign debug uart enabling and psu_init delay
- Enable full u-boot run from EL3
- Enable u-boot.itb generation without ATF with U-Boot in EL3

Versal:
- Enable distro default
- Enable others SPI flashes
- Enable systems without DDR

Drivers:
- Gem:
  - Flush memory after freeing
  - Handle mdio bus separately
- Watchdog:
  - Get rid of unused global data pointer
  - Enable window watchdog timer
- Serial:
  - Change reinitialization logic in zynq serial driver

Signed-off-by: Tom Rini <trini@konsulko.com>
2020-04-07 17:13:35 -04:00
Simon Glass
72188f5462 image: Use constants for 'required' and 'key-name-hint'
These are used in multiple places so update them to use a shared #define.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
2020-04-01 07:45:09 -06:00
Simon Glass
390b26dc27 image: Correct comment for fit_conf_get_node()
This should mention that conf_uname can be NULL and should be in the
header file. Fix this.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-04-01 07:45:09 -06:00
AKASHI Takahiro
a8fc3df8b9 include: image.h: add key info to image_sign_info
For FIT verification, all the properties of a public key come from
"control fdt" pointed to by fdt_blob. In UEFI secure boot, on the other
hand, a public key is located and retrieved from dedicated signature
database stored as UEFI variables.

Added two fields may hold values of a public key if fdt_blob is NULL, and
will be used in rsa_verify_with_pkey() to verify a signature in UEFI
sub-system.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
2020-03-12 08:20:39 -04:00
AKASHI Takahiro
b983cc2da0 lib: rsa: decouple rsa from FIT image verification
Introduce new configuration, CONFIG_RSA_VERIFY which will decouple building
RSA functions from FIT verification and allow for adding a RSA-based
signature verification for other file formats, in particular PE file
for UEFI secure boot.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
2020-03-12 08:20:38 -04:00
Eugeniu Rosca
d08b16edf8 image.h: isolate android_image_* functions from tooling
On Feb. 16, 2020, Tom reported [1] build failure of U-Boot in-tree
tooling after applying https://patchwork.ozlabs.org/cover/1229663/
("[v6,0/7] rsa: extend rsa_verify() for UEFI secure boot").

Later on, Heinrich stressed the urgency of the issue in
https://patchwork.ozlabs.org/patch/1250858/#2379069:

 >>>>>>>>>
 We should finalize the topic as it stops EFI patches from being merged
 >>>>>>>>>

On the surface, the problem is caused by U-Boot commits [2-3], which
employed 'u32' in 'include/image.h', while historically U-Boot tooling
stayed agnostic on the {u,s}{8,16,32} types.

Thanks to Tom, Yamada-san and Heinrich, the following solutions have
been put head-to-head ('+' pros, '-' cons):

 A. Use an equivalent fixed-size type, i.e. s/u32/uint32_t/ in both
    android function prototypes (image.h) and definitions (c file):
    + quick and low-line-count
    - creates a 'soup' of fixed-sized types in the Android C file
    - will confuse contributors
    - is going against Linux kernel best practices [4]

 B. Guard Android functions by '!defined(USE_HOSTCC)' in image.h:
    + quick and low-line-count
    + reflects the reality (no android function is used by tooling)
    + zero impact on other subsystems
    - ifdeffery may look annoying (pre-existing problem of image.h)

 C. Make {u8,u16,u32} available in U-Boot tooling:
    + quick and low-line-count
    + [Yamada-san][5]:
      * forbidding u32 for tools is questionable to me
      * Linux kernel and Barebox use {u8,u16,u32} for the tools space
    - breaks U-Boot tradition?
    - has larger impact than [A] and [B]
    - adds type complexity/inconsistency in the tooling space

 D. [Yamada-san] Refactor the headers to minimize the code shared
    between U-Boot space and tooling space:
    + probably the long-term solution
    - high effort
    - can be seen/done as an incremental update on top of [B]

Looking at the above, [B] looks like the natural way to go forward.

[1] https://patchwork.ozlabs.org/patch/1238245/#2363052
[2] commit 7f2531502c ("image: android: Add routine to get dtbo params")
[3] commit c3bfad825a ("image: android: Add functions for handling dtb field")
[4] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e6176fa4728fb6d
    ("checkpatch: add --strict warning for c99 fixed size typedefs : int<size>_t")
[5] https://patchwork.ozlabs.org/patch/1238245/#2363340

Cc: Masahiro Yamada <masahiroy@kernel.org>
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
Cc: Sam Protsenko <joe.skb7@gmail.com>
Cc: Lokesh Vutla <lokeshvutla@ti.com>
Cc: Simon Glass <sjg@chromium.org>
Cc: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reported-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Eugeniu Rosca <erosca@de.adit-jv.com>
Tested-by: Heinrich Schuchardt <xpyron.glpk@gmx.de>
2020-03-12 08:20:38 -04:00
Sam Protsenko
7f2531502c image: android: Add routine to get dtbo params
Android Boot Image v1 adds "Recovery DTB" field in image header and
associate payload in boot image itself [1]. Payload should be in
Android DTB/DTBO format [2]. That "Recovery DTB" area should be only
populated for non-A/B devices, and only in recovery image.

Add function to get an address and size of that payload. That function
can be further used e.g. in 'abootimg' command to provide the user a way
to get the address of recovery dtbo from U-Boot shell, which can be
further parsed using 'adtimg' command.

[1] https://source.android.com/devices/bootloader/boot-image-header
[2] https://source.android.com/devices/architecture/dto/partitions

Signed-off-by: Sam Protsenko <joe.skb7@gmail.com>
Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>
2020-02-04 09:07:24 +05:30
Sam Protsenko
c3bfad825a image: android: Add functions for handling dtb field
Android Boot Image v2 adds "DTB" payload (and corresponding field in the
image header). Provide functions for its handling:

  - android_image_get_dtb_by_index(): Obtain DTB blob from "DTB" part of
    boot image, by blob's index
  - android_image_print_dtb_contents(): Iterate over all DTB blobs in
    "DTB" part of boot image and print those blobs info

"DTB" payload might be in one of the following formats:
  1. concatenated DTB blobs
  2. Android DTBO format

The latter requires "android-image-dt.c" functionality, so this commit
selects that file for building for CONFIG_ANDROID_BOOT_IMAGE option.

Right now this new functionality isn't used, but it can be used further.
As it's required to apply some specific dtbo blob(s) from "dtbo"
partition, we can't automate this process inside of "bootm" command. But
we can do next:
  - come up with some new command like "abootimg" to extract dtb blob
    from boot image (using functions from this patch)
  - extract desired dtbo blobs from "dtbo" partition using "adtimg"
    command
  - merge dtbo blobs into dtb blob using "fdt apply" command
  - pass resulting dtb blob into bootm command in order to boot the
    Android kernel with Android ramdisk from boot image

Signed-off-by: Sam Protsenko <joe.skb7@gmail.com>
Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>
2020-02-04 09:07:24 +05:30
Simon Glass
220a3a44a3 common: Rename and move source()
This function has a very generic name which does not adequately describe
its purpose. Rename it and move it to image.h, since it relates to reading
a script from an image.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-01-17 14:02:35 -05:00
Simon Glass
8e8ccfe1aa common: Move the image globals into image.h
These three globals relate to image handling. Move them to the image
header file.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-01-17 14:02:35 -05:00
Philippe Reynes
4df3578119 u-boot: fit: add support to decrypt fit with aes
This commit add to u-boot the support to decrypt
fit image encrypted with aes. The FIT image contains
the key name and the IV name. Then u-boot look for
the key and IV in his device tree and decrypt images
before moving to the next stage.

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
2020-01-17 10:16:29 -05:00
Philippe Reynes
7298e42250 mkimage: fit: add support to encrypt image with aes
This commit add the support of encrypting image with aes
in mkimage. To enable the ciphering, a node cipher with
a reference to a key and IV (Initialization Vector) must
be added to the its file. Then mkimage add the encrypted
image to the FIT and add the key and IV to the u-boot
device tree.

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
2020-01-17 10:15:49 -05:00
Cristian Ciocaltea
a031b03f64 image: Add IH_OS_EFI for EFI chain-load boot
Add a new OS type to be used for chain-loading an EFI compatible
firmware or boot loader like GRUB2, possibly in a verified boot
scenario.

Bellow is sample ITS file that generates a FIT image supporting
secure boot. Please note the presence of 'os = "efi";' line, which
identifies the currently introduced OS type:

/ {
    #address-cells = <1>;

    images {
        efi-grub {
            description = "GRUB EFI";
            data = /incbin/("bootarm.efi");
            type = "kernel_noload";
            arch = "arm";
            os = "efi";
            compression = "none";
            load = <0x0>;
            entry = <0x0>;
            hash-1 {
                algo = "sha256";
            };
        };
    };

    configurations {
        default = "config-grub";
        config-grub {
            kernel = "efi-grub";
            signature-1 {
                algo = "sha256,rsa2048";
                sign-images = "kernel";
            };
        };
    };
};

Signed-off-by: Cristian Ciocaltea <cristian.ciocaltea@gmail.com>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-01-07 18:08:21 +01:00
Bin Meng
1af5e97d8d tools: image.h: Use portable uint32_t instead of linux-specific __be32
__be32 has Linux kernel specific __attribute__((bitwise)) which is
not portable. Use uint32_t instead.

Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
2019-10-28 13:32:50 -04:00
Patrick Delaunay
e7fabe75ae image: add new "copro" image type
Define new image type for coprocessor images.
It is used in FIT to identify the files loaded
with remoteproc command (elf or bin).

Signed-off-by: Loic Pallardy <loic.pallardy@st.com>
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2019-08-27 11:19:23 +02:00
Lukas Auer
5e30e45c83 spl: support booting via RISC-V OpenSBI
RISC-V OpenSBI is an open-source implementation of the RISC-V Supervisor
Binary Interface (SBI) specification. It is required by Linux and U-Boot
running in supervisor mode. This patch adds support for booting via the
OpenSBI FW_DYNAMIC firmware. It supports OpenSBI version 0.4 and higher.

In this configuration, U-Boot SPL starts in machine mode. After loading
OpenSBI and U-Boot proper, it will start OpenSBI. All necessary
parameters are generated by U-Boot SPL and are passed to OpenSBI. U-Boot
proper is started in supervisor mode by OpenSBI. Support for OpenSBI is
enabled with CONFIG_SPL_OPENSBI. An additional configuration entry,
CONFIG_SPL_OPENSBI_LOAD_ADDR, is used to specify the load address of the
OpenSBI firmware binary. It is not used directly in U-Boot and instead
is intended to make the value available to scripts such as FIT
configuration generators.

The header file include/opensbi.h is based on header files from the
OpenSBI project. They are recent, as of commit bae54f764570 ("firmware:
Add fw_dynamic firmware").

Signed-off-by: Lukas Auer <lukas.auer@aisec.fraunhofer.de>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Tested-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Anup Patel <anup.patel@wdc.com>
2019-08-26 16:07:42 +08:00
Julius Werner
2090854cd2 common: Move bootm_decomp_image() to image.c (as image_decomp())
Upcoming patches want to add decompression to use cases that are no
longer directly related to booting. It makes sense to retain a single
decompression routine, but it should no longer be in bootm.c (which is
not compiled for all configurations). This patch moves
bootm_decomp_image() to image.c and renames it to image_decomp() in
preparation of those upcoming patches.

Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
[trini: Fix warning around handle_decomp_error being unused]
Signed-off-by: Tom Rini <trini@konsulko.com>
2019-07-29 09:30:42 -04:00
Tom Rini
c76c93a3d5 configs: Rename CONFIG_IMAGE_FORMAT_LEGACY to CONFIG_LEGACY_IMAGE_FORMAT
The name CONFIG_LEGACY_IMAGE_FORMAT reads slightly better along with
allowing us to avoid a rather nasty Kbuild/Kconfig issue down the line
with CONFIG_IS_ENABLED(IMAGE_FORMAT_LEGACY).  In a few places outside of
cmd/ switch to using CONFIG_IS_ENABLED() to test what is set.

Signed-off-by: Tom Rini <trini@konsulko.com>
2019-07-11 14:11:18 -04:00
Tien Fong Chee
0a42a132a4 ARM: socfpga: Add FPGA drivers for Arria 10 FPGA bitstream loading
Add FPGA driver to support program FPGA with FPGA bitstream loading from
filesystem. The driver are designed based on generic firmware loader
framework. The driver can handle FPGA program operation from loading FPGA
bitstream in flash to memory and then to program FPGA.

Signed-off-by: Tien Fong Chee <tien.fong.chee@intel.com>
2019-05-10 22:48:11 +02:00
Chris Packham
4ad2c8953d Remove #define CONFIG_CRC32
There is no check for CONFIG_CRC32 so the #define in image.h does
nothing. Remove it.

Reported-by: Robert P. J. Day <rpjday@crashcourse.ca>
Signed-off-by: Chris Packham <judge.packham@gmail.com>
Reviewed-by: Stefano Babic <sbabic@denx.de>
Reviewed-by: Heiko Schocher <hs@denx.de>
2019-05-10 07:18:13 -04:00
Alex Kiernan
89665f2eb1 Refactor IMAGE_ENABLE_VERIFY to handle builds without SPL verification
If building with SPL_LOAD_FIT_FULL and FIT_SIGNATURE, but without
SPL_FIT_SIGNATURE then the build fails with:

  common/built-in.o: In function `fit_image_verify_with_data':
  common/image-fit.c:1220: undefined reference to `fit_image_verify_required_sigs'
  common/image-fit.c:1244: undefined reference to `fit_image_check_sig'
  common/built-in.o: In function `fit_image_load':
  common/image-fit.c:1857: undefined reference to `fit_config_verify'

Refactor so that host builds still depend on FIT_SIGNATURE, but target
builds check FIT_SIGNATURE/SPL_FIT_SIGNATURE dependent on the build.

Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2019-05-05 08:48:50 -04:00
Eugeniu Rosca
829ceb2821 image: android: allow booting lz4-compressed kernels
According to Android image format [1], kernel image resides at 1 page
offset from the boot image address. Grab the magic number from there
and allow U-Boot to handle LZ4-compressed KNL binaries instead of
hardcoding compression type to IH_COMP_NONE. Other compression types,
if needed, can be added later.

Tested on H3ULCB-KF using the image detailed in [2].

[1] Excerpt from include/android_image.h
    +-----------------+
    | boot header     | 1 page
    +-----------------+
    | kernel          | n pages
    +-----------------+
    | ramdisk         | m pages
    +-----------------+
    | second stage    | o pages
    +-----------------+

[2] => iminfo 4c000000
    ## Checking Image at 4c000000 ...
    Android image found
    kernel size:      85b9d1
    kernel address:   48080000
    ramdisk size:     54ddbc
    ramdisk addrress: 4a180000
    second size:      0
    second address:   48000800
    tags address:     48000100
    page size:        800
    os_version:       1200012a (ver: 0.9.0, level: 2018.10)
    name:
    cmdline:          buildvariant=userdebug

Signed-off-by: Eugeniu Rosca <erosca@de.adit-jv.com>
2019-04-24 07:27:32 -04:00
Stefano Babic
24431adc36 Restore compatibility of image type IDs
Commit a2b96ece5b breaks the enumeration
of the Image Types. New image types can be appended, but they cannot be
inserted in the list else backward compatibility is broken.

This restores the images types as before 2018.11 and move i.MX8 related
images at the end.

Signed-off-by: Robert Berger <robert.berger@ReliableEmbeddedSystems.com>
Signed-off-by: Stefano Babic <sbabic@denx.de>
CC: Tom Rini <trini@konsulko.com>
2018-12-17 07:09:29 -05:00
Philippe Reynes
061daa0b61 rsa: add support of padding pss
We add the support of the padding pss for rsa signature.
This new padding is often recommended instead of pkcs-1.5.

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2018-12-03 10:44:10 -05:00
Philippe Reynes
20031567e1 rsa: add a structure for the padding
The rsa signature use a padding algorithm. By default, we use the
padding pkcs-1.5. In order to add some new padding algorithm, we
add a padding framework to manage several padding algorithm.
The choice of the padding is done in the file .its.

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2018-12-03 10:44:10 -05:00
Ryder Lee
3b975a147c tools: MediaTek: add MTK boot header generation to mkimage
This patch adds support for MTK boot image generation.

Signed-off-by: Weijie Gao <weijie.gao@mediatek.com>
Signed-off-by: Ryder Lee <ryder.lee@mediatek.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2018-11-28 23:04:43 -05:00
Peng Fan
a2b96ece5b tools: add i.MX8/8X image support
i.MX8/8X bootable image type is container type.
The bootable image, containers a container set which supports two
container. The 1st container is for SECO firmware, the 2nd container
needs to include scfw, m4_0/1 image, ACore images per your requirement.

Signed-off-by: Peng Fan <peng.fan@nxp.com>
2018-10-22 13:01:27 +02:00
Alex Kiernan
795f452eef mkimage: fit_image: Add support for SOURCE_DATE_EPOCH in signatures
When generating timestamps in signatures, use imagetool_get_source_date()
so we can be overridden by SOURCE_DATE_EPOCH to generate reproducible
images.

Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Reviewed-by: Simon Glass <sjg@chromum.org>
2018-07-10 16:56:00 -04:00
Marek Vasut
7f13b374fd ARM: image: Add option for ignoring ep bit 3
Add option to the booti_setup() which indicates to it that the caller
requires the image to be relocated to the beginning of the RAM and
that the information whether the image can be located anywhere in RAM
at 2 MiB aligned boundary or not is to be ignored. This is useful ie.
in case the Image is wrapped in another envelope, ie. fitImage and not
relocating it but moving it would corrupt the envelope.

Signed-off-by: Marek Vasut <marek.vasut+renesas@gmail.com>
Cc: Bin Chen <bin.chen@linaro.org>
Cc: Masahiro Yamada <yamada.masahiro@socionext.com>
Cc: Tom Rini <trini@konsulko.com>
Reviewed-By: Bin Chen <bin.chen@linaro.org>
2018-06-19 07:31:45 -04:00
Kelvin Cheung
c3c8638804 add FIT data-position & data-offset property support
Add FIT data-position & data-offset property support for bootm,
which were already supported in SPL.

Signed-off-by: Kelvin Cheung <keguang.zhang@gmail.com>
2018-05-26 18:19:19 -04:00
Marek Vasut
0298d20375 fit: Add standalone image type handling
Just add IH_TYPE_STANDALONE to fit_get_image_type_property().

Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Pantelis Antoniou <pantelis.antoniou@konsulko.com>
Cc: Simon Glass <sjg@chromium.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
2018-05-23 22:06:40 -04:00