mirror of
https://github.com/AsahiLinux/u-boot
synced 2024-12-11 22:03:15 +00:00
83d290c56f
When U-Boot started using SPDX tags we were among the early adopters and there weren't a lot of other examples to borrow from. So we picked the area of the file that usually had a full license text and replaced it with an appropriate SPDX-License-Identifier: entry. Since then, the Linux Kernel has adopted SPDX tags and they place it as the very first line in a file (except where shebangs are used, then it's second line) and with slightly different comment styles than us. In part due to community overlap, in part due to better tag visibility and in part for other minor reasons, switch over to that style. This commit changes all instances where we have a single declared license in the tag as both the before and after are identical in tag contents. There's also a few places where I found we did not have a tag and have introduced one. Signed-off-by: Tom Rini <trini@konsulko.com>
1757 lines
38 KiB
C
1757 lines
38 KiB
C
// SPDX-License-Identifier: GPL-2.0+
|
|
/*
|
|
* Image manipulator for Marvell SoCs
|
|
* supports Kirkwood, Dove, Armada 370, Armada XP, and Armada 38x
|
|
*
|
|
* (C) Copyright 2013 Thomas Petazzoni
|
|
* <thomas.petazzoni@free-electrons.com>
|
|
*
|
|
* Not implemented: support for the register headers in v1 images
|
|
*/
|
|
|
|
#include "imagetool.h"
|
|
#include <limits.h>
|
|
#include <image.h>
|
|
#include <stdarg.h>
|
|
#include <stdint.h>
|
|
#include "kwbimage.h"
|
|
|
|
#ifdef CONFIG_KWB_SECURE
|
|
#include <openssl/bn.h>
|
|
#include <openssl/rsa.h>
|
|
#include <openssl/pem.h>
|
|
#include <openssl/err.h>
|
|
#include <openssl/evp.h>
|
|
|
|
#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
|
|
(defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
|
|
static void RSA_get0_key(const RSA *r,
|
|
const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
|
|
{
|
|
if (n != NULL)
|
|
*n = r->n;
|
|
if (e != NULL)
|
|
*e = r->e;
|
|
if (d != NULL)
|
|
*d = r->d;
|
|
}
|
|
|
|
#elif !defined(LIBRESSL_VERSION_NUMBER)
|
|
void EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
|
|
{
|
|
EVP_MD_CTX_reset(ctx);
|
|
}
|
|
#endif
|
|
#endif
|
|
|
|
static struct image_cfg_element *image_cfg;
|
|
static int cfgn;
|
|
#ifdef CONFIG_KWB_SECURE
|
|
static int verbose_mode;
|
|
#endif
|
|
|
|
struct boot_mode {
|
|
unsigned int id;
|
|
const char *name;
|
|
};
|
|
|
|
/*
|
|
* SHA2-256 hash
|
|
*/
|
|
struct hash_v1 {
|
|
uint8_t hash[32];
|
|
};
|
|
|
|
struct boot_mode boot_modes[] = {
|
|
{ 0x4D, "i2c" },
|
|
{ 0x5A, "spi" },
|
|
{ 0x8B, "nand" },
|
|
{ 0x78, "sata" },
|
|
{ 0x9C, "pex" },
|
|
{ 0x69, "uart" },
|
|
{ 0xAE, "sdio" },
|
|
{},
|
|
};
|
|
|
|
struct nand_ecc_mode {
|
|
unsigned int id;
|
|
const char *name;
|
|
};
|
|
|
|
struct nand_ecc_mode nand_ecc_modes[] = {
|
|
{ 0x00, "default" },
|
|
{ 0x01, "hamming" },
|
|
{ 0x02, "rs" },
|
|
{ 0x03, "disabled" },
|
|
{},
|
|
};
|
|
|
|
/* Used to identify an undefined execution or destination address */
|
|
#define ADDR_INVALID ((uint32_t)-1)
|
|
|
|
#define BINARY_MAX_ARGS 8
|
|
|
|
/* In-memory representation of a line of the configuration file */
|
|
|
|
enum image_cfg_type {
|
|
IMAGE_CFG_VERSION = 0x1,
|
|
IMAGE_CFG_BOOT_FROM,
|
|
IMAGE_CFG_DEST_ADDR,
|
|
IMAGE_CFG_EXEC_ADDR,
|
|
IMAGE_CFG_NAND_BLKSZ,
|
|
IMAGE_CFG_NAND_BADBLK_LOCATION,
|
|
IMAGE_CFG_NAND_ECC_MODE,
|
|
IMAGE_CFG_NAND_PAGESZ,
|
|
IMAGE_CFG_BINARY,
|
|
IMAGE_CFG_PAYLOAD,
|
|
IMAGE_CFG_DATA,
|
|
IMAGE_CFG_BAUDRATE,
|
|
IMAGE_CFG_DEBUG,
|
|
IMAGE_CFG_KAK,
|
|
IMAGE_CFG_CSK,
|
|
IMAGE_CFG_CSK_INDEX,
|
|
IMAGE_CFG_JTAG_DELAY,
|
|
IMAGE_CFG_BOX_ID,
|
|
IMAGE_CFG_FLASH_ID,
|
|
IMAGE_CFG_SEC_COMMON_IMG,
|
|
IMAGE_CFG_SEC_SPECIALIZED_IMG,
|
|
IMAGE_CFG_SEC_BOOT_DEV,
|
|
IMAGE_CFG_SEC_FUSE_DUMP,
|
|
|
|
IMAGE_CFG_COUNT
|
|
} type;
|
|
|
|
static const char * const id_strs[] = {
|
|
[IMAGE_CFG_VERSION] = "VERSION",
|
|
[IMAGE_CFG_BOOT_FROM] = "BOOT_FROM",
|
|
[IMAGE_CFG_DEST_ADDR] = "DEST_ADDR",
|
|
[IMAGE_CFG_EXEC_ADDR] = "EXEC_ADDR",
|
|
[IMAGE_CFG_NAND_BLKSZ] = "NAND_BLKSZ",
|
|
[IMAGE_CFG_NAND_BADBLK_LOCATION] = "NAND_BADBLK_LOCATION",
|
|
[IMAGE_CFG_NAND_ECC_MODE] = "NAND_ECC_MODE",
|
|
[IMAGE_CFG_NAND_PAGESZ] = "NAND_PAGE_SIZE",
|
|
[IMAGE_CFG_BINARY] = "BINARY",
|
|
[IMAGE_CFG_PAYLOAD] = "PAYLOAD",
|
|
[IMAGE_CFG_DATA] = "DATA",
|
|
[IMAGE_CFG_BAUDRATE] = "BAUDRATE",
|
|
[IMAGE_CFG_DEBUG] = "DEBUG",
|
|
[IMAGE_CFG_KAK] = "KAK",
|
|
[IMAGE_CFG_CSK] = "CSK",
|
|
[IMAGE_CFG_CSK_INDEX] = "CSK_INDEX",
|
|
[IMAGE_CFG_JTAG_DELAY] = "JTAG_DELAY",
|
|
[IMAGE_CFG_BOX_ID] = "BOX_ID",
|
|
[IMAGE_CFG_FLASH_ID] = "FLASH_ID",
|
|
[IMAGE_CFG_SEC_COMMON_IMG] = "SEC_COMMON_IMG",
|
|
[IMAGE_CFG_SEC_SPECIALIZED_IMG] = "SEC_SPECIALIZED_IMG",
|
|
[IMAGE_CFG_SEC_BOOT_DEV] = "SEC_BOOT_DEV",
|
|
[IMAGE_CFG_SEC_FUSE_DUMP] = "SEC_FUSE_DUMP"
|
|
};
|
|
|
|
struct image_cfg_element {
|
|
enum image_cfg_type type;
|
|
union {
|
|
unsigned int version;
|
|
unsigned int bootfrom;
|
|
struct {
|
|
const char *file;
|
|
unsigned int args[BINARY_MAX_ARGS];
|
|
unsigned int nargs;
|
|
} binary;
|
|
const char *payload;
|
|
unsigned int dstaddr;
|
|
unsigned int execaddr;
|
|
unsigned int nandblksz;
|
|
unsigned int nandbadblklocation;
|
|
unsigned int nandeccmode;
|
|
unsigned int nandpagesz;
|
|
struct ext_hdr_v0_reg regdata;
|
|
unsigned int baudrate;
|
|
unsigned int debug;
|
|
const char *key_name;
|
|
int csk_idx;
|
|
uint8_t jtag_delay;
|
|
uint32_t boxid;
|
|
uint32_t flashid;
|
|
bool sec_specialized_img;
|
|
unsigned int sec_boot_dev;
|
|
const char *name;
|
|
};
|
|
};
|
|
|
|
#define IMAGE_CFG_ELEMENT_MAX 256
|
|
|
|
/*
|
|
* Utility functions to manipulate boot mode and ecc modes (convert
|
|
* them back and forth between description strings and the
|
|
* corresponding numerical identifiers).
|
|
*/
|
|
|
|
static const char *image_boot_mode_name(unsigned int id)
|
|
{
|
|
int i;
|
|
|
|
for (i = 0; boot_modes[i].name; i++)
|
|
if (boot_modes[i].id == id)
|
|
return boot_modes[i].name;
|
|
return NULL;
|
|
}
|
|
|
|
int image_boot_mode_id(const char *boot_mode_name)
|
|
{
|
|
int i;
|
|
|
|
for (i = 0; boot_modes[i].name; i++)
|
|
if (!strcmp(boot_modes[i].name, boot_mode_name))
|
|
return boot_modes[i].id;
|
|
|
|
return -1;
|
|
}
|
|
|
|
int image_nand_ecc_mode_id(const char *nand_ecc_mode_name)
|
|
{
|
|
int i;
|
|
|
|
for (i = 0; nand_ecc_modes[i].name; i++)
|
|
if (!strcmp(nand_ecc_modes[i].name, nand_ecc_mode_name))
|
|
return nand_ecc_modes[i].id;
|
|
return -1;
|
|
}
|
|
|
|
static struct image_cfg_element *
|
|
image_find_option(unsigned int optiontype)
|
|
{
|
|
int i;
|
|
|
|
for (i = 0; i < cfgn; i++) {
|
|
if (image_cfg[i].type == optiontype)
|
|
return &image_cfg[i];
|
|
}
|
|
|
|
return NULL;
|
|
}
|
|
|
|
static unsigned int
|
|
image_count_options(unsigned int optiontype)
|
|
{
|
|
int i;
|
|
unsigned int count = 0;
|
|
|
|
for (i = 0; i < cfgn; i++)
|
|
if (image_cfg[i].type == optiontype)
|
|
count++;
|
|
|
|
return count;
|
|
}
|
|
|
|
#if defined(CONFIG_KWB_SECURE)
|
|
|
|
static int image_get_csk_index(void)
|
|
{
|
|
struct image_cfg_element *e;
|
|
|
|
e = image_find_option(IMAGE_CFG_CSK_INDEX);
|
|
if (!e)
|
|
return -1;
|
|
|
|
return e->csk_idx;
|
|
}
|
|
|
|
static bool image_get_spezialized_img(void)
|
|
{
|
|
struct image_cfg_element *e;
|
|
|
|
e = image_find_option(IMAGE_CFG_SEC_SPECIALIZED_IMG);
|
|
if (!e)
|
|
return false;
|
|
|
|
return e->sec_specialized_img;
|
|
}
|
|
|
|
#endif
|
|
|
|
/*
|
|
* Compute a 8-bit checksum of a memory area. This algorithm follows
|
|
* the requirements of the Marvell SoC BootROM specifications.
|
|
*/
|
|
static uint8_t image_checksum8(void *start, uint32_t len)
|
|
{
|
|
uint8_t csum = 0;
|
|
uint8_t *p = start;
|
|
|
|
/* check len and return zero checksum if invalid */
|
|
if (!len)
|
|
return 0;
|
|
|
|
do {
|
|
csum += *p;
|
|
p++;
|
|
} while (--len);
|
|
|
|
return csum;
|
|
}
|
|
|
|
size_t kwbimage_header_size(unsigned char *ptr)
|
|
{
|
|
if (image_version((void *)ptr) == 0)
|
|
return sizeof(struct main_hdr_v0);
|
|
else
|
|
return KWBHEADER_V1_SIZE((struct main_hdr_v1 *)ptr);
|
|
}
|
|
|
|
/*
|
|
* Verify checksum over a complete header that includes the checksum field.
|
|
* Return 1 when OK, otherwise 0.
|
|
*/
|
|
static int main_hdr_checksum_ok(void *hdr)
|
|
{
|
|
/* Offsets of checksum in v0 and v1 headers are the same */
|
|
struct main_hdr_v0 *main_hdr = (struct main_hdr_v0 *)hdr;
|
|
uint8_t checksum;
|
|
|
|
checksum = image_checksum8(hdr, kwbimage_header_size(hdr));
|
|
/* Calculated checksum includes the header checksum field. Compensate
|
|
* for that.
|
|
*/
|
|
checksum -= main_hdr->checksum;
|
|
|
|
return checksum == main_hdr->checksum;
|
|
}
|
|
|
|
static uint32_t image_checksum32(void *start, uint32_t len)
|
|
{
|
|
uint32_t csum = 0;
|
|
uint32_t *p = start;
|
|
|
|
/* check len and return zero checksum if invalid */
|
|
if (!len)
|
|
return 0;
|
|
|
|
if (len % sizeof(uint32_t)) {
|
|
fprintf(stderr, "Length %d is not in multiple of %zu\n",
|
|
len, sizeof(uint32_t));
|
|
return 0;
|
|
}
|
|
|
|
do {
|
|
csum += *p;
|
|
p++;
|
|
len -= sizeof(uint32_t);
|
|
} while (len > 0);
|
|
|
|
return csum;
|
|
}
|
|
|
|
static uint8_t baudrate_to_option(unsigned int baudrate)
|
|
{
|
|
switch (baudrate) {
|
|
case 2400:
|
|
return MAIN_HDR_V1_OPT_BAUD_2400;
|
|
case 4800:
|
|
return MAIN_HDR_V1_OPT_BAUD_4800;
|
|
case 9600:
|
|
return MAIN_HDR_V1_OPT_BAUD_9600;
|
|
case 19200:
|
|
return MAIN_HDR_V1_OPT_BAUD_19200;
|
|
case 38400:
|
|
return MAIN_HDR_V1_OPT_BAUD_38400;
|
|
case 57600:
|
|
return MAIN_HDR_V1_OPT_BAUD_57600;
|
|
case 115200:
|
|
return MAIN_HDR_V1_OPT_BAUD_115200;
|
|
default:
|
|
return MAIN_HDR_V1_OPT_BAUD_DEFAULT;
|
|
}
|
|
}
|
|
|
|
#if defined(CONFIG_KWB_SECURE)
|
|
static void kwb_msg(const char *fmt, ...)
|
|
{
|
|
if (verbose_mode) {
|
|
va_list ap;
|
|
|
|
va_start(ap, fmt);
|
|
vfprintf(stdout, fmt, ap);
|
|
va_end(ap);
|
|
}
|
|
}
|
|
|
|
static int openssl_err(const char *msg)
|
|
{
|
|
unsigned long ssl_err = ERR_get_error();
|
|
|
|
fprintf(stderr, "%s", msg);
|
|
fprintf(stderr, ": %s\n",
|
|
ERR_error_string(ssl_err, 0));
|
|
|
|
return -1;
|
|
}
|
|
|
|
static int kwb_load_rsa_key(const char *keydir, const char *name, RSA **p_rsa)
|
|
{
|
|
char path[PATH_MAX];
|
|
RSA *rsa;
|
|
FILE *f;
|
|
|
|
if (!keydir)
|
|
keydir = ".";
|
|
|
|
snprintf(path, sizeof(path), "%s/%s.key", keydir, name);
|
|
f = fopen(path, "r");
|
|
if (!f) {
|
|
fprintf(stderr, "Couldn't open RSA private key: '%s': %s\n",
|
|
path, strerror(errno));
|
|
return -ENOENT;
|
|
}
|
|
|
|
rsa = PEM_read_RSAPrivateKey(f, 0, NULL, "");
|
|
if (!rsa) {
|
|
openssl_err("Failure reading private key");
|
|
fclose(f);
|
|
return -EPROTO;
|
|
}
|
|
fclose(f);
|
|
*p_rsa = rsa;
|
|
|
|
return 0;
|
|
}
|
|
|
|
static int kwb_load_cfg_key(struct image_tool_params *params,
|
|
unsigned int cfg_option, const char *key_name,
|
|
RSA **p_key)
|
|
{
|
|
struct image_cfg_element *e_key;
|
|
RSA *key;
|
|
int res;
|
|
|
|
*p_key = NULL;
|
|
|
|
e_key = image_find_option(cfg_option);
|
|
if (!e_key) {
|
|
fprintf(stderr, "%s not configured\n", key_name);
|
|
return -ENOENT;
|
|
}
|
|
|
|
res = kwb_load_rsa_key(params->keydir, e_key->key_name, &key);
|
|
if (res < 0) {
|
|
fprintf(stderr, "Failed to load %s\n", key_name);
|
|
return -ENOENT;
|
|
}
|
|
|
|
*p_key = key;
|
|
|
|
return 0;
|
|
}
|
|
|
|
static int kwb_load_kak(struct image_tool_params *params, RSA **p_kak)
|
|
{
|
|
return kwb_load_cfg_key(params, IMAGE_CFG_KAK, "KAK", p_kak);
|
|
}
|
|
|
|
static int kwb_load_csk(struct image_tool_params *params, RSA **p_csk)
|
|
{
|
|
return kwb_load_cfg_key(params, IMAGE_CFG_CSK, "CSK", p_csk);
|
|
}
|
|
|
|
static int kwb_compute_pubkey_hash(struct pubkey_der_v1 *pk,
|
|
struct hash_v1 *hash)
|
|
{
|
|
EVP_MD_CTX *ctx;
|
|
unsigned int key_size;
|
|
unsigned int hash_size;
|
|
int ret = 0;
|
|
|
|
if (!pk || !hash || pk->key[0] != 0x30 || pk->key[1] != 0x82)
|
|
return -EINVAL;
|
|
|
|
key_size = (pk->key[2] << 8) + pk->key[3] + 4;
|
|
|
|
ctx = EVP_MD_CTX_create();
|
|
if (!ctx)
|
|
return openssl_err("EVP context creation failed");
|
|
|
|
EVP_MD_CTX_init(ctx);
|
|
if (!EVP_DigestInit(ctx, EVP_sha256())) {
|
|
ret = openssl_err("Digest setup failed");
|
|
goto hash_err_ctx;
|
|
}
|
|
|
|
if (!EVP_DigestUpdate(ctx, pk->key, key_size)) {
|
|
ret = openssl_err("Hashing data failed");
|
|
goto hash_err_ctx;
|
|
}
|
|
|
|
if (!EVP_DigestFinal(ctx, hash->hash, &hash_size)) {
|
|
ret = openssl_err("Could not obtain hash");
|
|
goto hash_err_ctx;
|
|
}
|
|
|
|
EVP_MD_CTX_cleanup(ctx);
|
|
|
|
hash_err_ctx:
|
|
EVP_MD_CTX_destroy(ctx);
|
|
return ret;
|
|
}
|
|
|
|
static int kwb_import_pubkey(RSA **key, struct pubkey_der_v1 *src, char *keyname)
|
|
{
|
|
RSA *rsa;
|
|
const unsigned char *ptr;
|
|
|
|
if (!key || !src)
|
|
goto fail;
|
|
|
|
ptr = src->key;
|
|
rsa = d2i_RSAPublicKey(key, &ptr, sizeof(src->key));
|
|
if (!rsa) {
|
|
openssl_err("error decoding public key");
|
|
goto fail;
|
|
}
|
|
|
|
return 0;
|
|
fail:
|
|
fprintf(stderr, "Failed to decode %s pubkey\n", keyname);
|
|
return -EINVAL;
|
|
}
|
|
|
|
static int kwb_export_pubkey(RSA *key, struct pubkey_der_v1 *dst, FILE *hashf,
|
|
char *keyname)
|
|
{
|
|
int size_exp, size_mod, size_seq;
|
|
const BIGNUM *key_e, *key_n;
|
|
uint8_t *cur;
|
|
char *errmsg = "Failed to encode %s\n";
|
|
|
|
RSA_get0_key(key, NULL, &key_e, NULL);
|
|
RSA_get0_key(key, &key_n, NULL, NULL);
|
|
|
|
if (!key || !key_e || !key_n || !dst) {
|
|
fprintf(stderr, "export pk failed: (%p, %p, %p, %p)",
|
|
key, key_e, key_n, dst);
|
|
fprintf(stderr, errmsg, keyname);
|
|
return -EINVAL;
|
|
}
|
|
|
|
/*
|
|
* According to the specs, the key should be PKCS#1 DER encoded.
|
|
* But unfortunately the really required encoding seems to be different;
|
|
* it violates DER...! (But it still conformes to BER.)
|
|
* (Length always in long form w/ 2 byte length code; no leading zero
|
|
* when MSB of first byte is set...)
|
|
* So we cannot use the encoding func provided by OpenSSL and have to
|
|
* do the encoding manually.
|
|
*/
|
|
|
|
size_exp = BN_num_bytes(key_e);
|
|
size_mod = BN_num_bytes(key_n);
|
|
size_seq = 4 + size_mod + 4 + size_exp;
|
|
|
|
if (size_mod > 256) {
|
|
fprintf(stderr, "export pk failed: wrong mod size: %d\n",
|
|
size_mod);
|
|
fprintf(stderr, errmsg, keyname);
|
|
return -EINVAL;
|
|
}
|
|
|
|
if (4 + size_seq > sizeof(dst->key)) {
|
|
fprintf(stderr, "export pk failed: seq too large (%d, %lu)\n",
|
|
4 + size_seq, sizeof(dst->key));
|
|
fprintf(stderr, errmsg, keyname);
|
|
return -ENOBUFS;
|
|
}
|
|
|
|
cur = dst->key;
|
|
|
|
/* PKCS#1 (RFC3447) RSAPublicKey structure */
|
|
*cur++ = 0x30; /* SEQUENCE */
|
|
*cur++ = 0x82;
|
|
*cur++ = (size_seq >> 8) & 0xFF;
|
|
*cur++ = size_seq & 0xFF;
|
|
/* Modulus */
|
|
*cur++ = 0x02; /* INTEGER */
|
|
*cur++ = 0x82;
|
|
*cur++ = (size_mod >> 8) & 0xFF;
|
|
*cur++ = size_mod & 0xFF;
|
|
BN_bn2bin(key_n, cur);
|
|
cur += size_mod;
|
|
/* Exponent */
|
|
*cur++ = 0x02; /* INTEGER */
|
|
*cur++ = 0x82;
|
|
*cur++ = (size_exp >> 8) & 0xFF;
|
|
*cur++ = size_exp & 0xFF;
|
|
BN_bn2bin(key_e, cur);
|
|
|
|
if (hashf) {
|
|
struct hash_v1 pk_hash;
|
|
int i;
|
|
int ret = 0;
|
|
|
|
ret = kwb_compute_pubkey_hash(dst, &pk_hash);
|
|
if (ret < 0) {
|
|
fprintf(stderr, errmsg, keyname);
|
|
return ret;
|
|
}
|
|
|
|
fprintf(hashf, "SHA256 = ");
|
|
for (i = 0 ; i < sizeof(pk_hash.hash); ++i)
|
|
fprintf(hashf, "%02X", pk_hash.hash[i]);
|
|
fprintf(hashf, "\n");
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
int kwb_sign(RSA *key, void *data, int datasz, struct sig_v1 *sig, char *signame)
|
|
{
|
|
EVP_PKEY *evp_key;
|
|
EVP_MD_CTX *ctx;
|
|
unsigned int sig_size;
|
|
int size;
|
|
int ret = 0;
|
|
|
|
evp_key = EVP_PKEY_new();
|
|
if (!evp_key)
|
|
return openssl_err("EVP_PKEY object creation failed");
|
|
|
|
if (!EVP_PKEY_set1_RSA(evp_key, key)) {
|
|
ret = openssl_err("EVP key setup failed");
|
|
goto err_key;
|
|
}
|
|
|
|
size = EVP_PKEY_size(evp_key);
|
|
if (size > sizeof(sig->sig)) {
|
|
fprintf(stderr, "Buffer to small for signature (%d bytes)\n",
|
|
size);
|
|
ret = -ENOBUFS;
|
|
goto err_key;
|
|
}
|
|
|
|
ctx = EVP_MD_CTX_create();
|
|
if (!ctx) {
|
|
ret = openssl_err("EVP context creation failed");
|
|
goto err_key;
|
|
}
|
|
EVP_MD_CTX_init(ctx);
|
|
if (!EVP_SignInit(ctx, EVP_sha256())) {
|
|
ret = openssl_err("Signer setup failed");
|
|
goto err_ctx;
|
|
}
|
|
|
|
if (!EVP_SignUpdate(ctx, data, datasz)) {
|
|
ret = openssl_err("Signing data failed");
|
|
goto err_ctx;
|
|
}
|
|
|
|
if (!EVP_SignFinal(ctx, sig->sig, &sig_size, evp_key)) {
|
|
ret = openssl_err("Could not obtain signature");
|
|
goto err_ctx;
|
|
}
|
|
|
|
EVP_MD_CTX_cleanup(ctx);
|
|
EVP_MD_CTX_destroy(ctx);
|
|
EVP_PKEY_free(evp_key);
|
|
|
|
return 0;
|
|
|
|
err_ctx:
|
|
EVP_MD_CTX_destroy(ctx);
|
|
err_key:
|
|
EVP_PKEY_free(evp_key);
|
|
fprintf(stderr, "Failed to create %s signature\n", signame);
|
|
return ret;
|
|
}
|
|
|
|
int kwb_verify(RSA *key, void *data, int datasz, struct sig_v1 *sig,
|
|
char *signame)
|
|
{
|
|
EVP_PKEY *evp_key;
|
|
EVP_MD_CTX *ctx;
|
|
int size;
|
|
int ret = 0;
|
|
|
|
evp_key = EVP_PKEY_new();
|
|
if (!evp_key)
|
|
return openssl_err("EVP_PKEY object creation failed");
|
|
|
|
if (!EVP_PKEY_set1_RSA(evp_key, key)) {
|
|
ret = openssl_err("EVP key setup failed");
|
|
goto err_key;
|
|
}
|
|
|
|
size = EVP_PKEY_size(evp_key);
|
|
if (size > sizeof(sig->sig)) {
|
|
fprintf(stderr, "Invalid signature size (%d bytes)\n",
|
|
size);
|
|
ret = -EINVAL;
|
|
goto err_key;
|
|
}
|
|
|
|
ctx = EVP_MD_CTX_create();
|
|
if (!ctx) {
|
|
ret = openssl_err("EVP context creation failed");
|
|
goto err_key;
|
|
}
|
|
EVP_MD_CTX_init(ctx);
|
|
if (!EVP_VerifyInit(ctx, EVP_sha256())) {
|
|
ret = openssl_err("Verifier setup failed");
|
|
goto err_ctx;
|
|
}
|
|
|
|
if (!EVP_VerifyUpdate(ctx, data, datasz)) {
|
|
ret = openssl_err("Hashing data failed");
|
|
goto err_ctx;
|
|
}
|
|
|
|
if (!EVP_VerifyFinal(ctx, sig->sig, sizeof(sig->sig), evp_key)) {
|
|
ret = openssl_err("Could not verify signature");
|
|
goto err_ctx;
|
|
}
|
|
|
|
EVP_MD_CTX_cleanup(ctx);
|
|
EVP_MD_CTX_destroy(ctx);
|
|
EVP_PKEY_free(evp_key);
|
|
|
|
return 0;
|
|
|
|
err_ctx:
|
|
EVP_MD_CTX_destroy(ctx);
|
|
err_key:
|
|
EVP_PKEY_free(evp_key);
|
|
fprintf(stderr, "Failed to verify %s signature\n", signame);
|
|
return ret;
|
|
}
|
|
|
|
int kwb_sign_and_verify(RSA *key, void *data, int datasz, struct sig_v1 *sig,
|
|
char *signame)
|
|
{
|
|
if (kwb_sign(key, data, datasz, sig, signame) < 0)
|
|
return -1;
|
|
|
|
if (kwb_verify(key, data, datasz, sig, signame) < 0)
|
|
return -1;
|
|
|
|
return 0;
|
|
}
|
|
|
|
|
|
int kwb_dump_fuse_cmds_38x(FILE *out, struct secure_hdr_v1 *sec_hdr)
|
|
{
|
|
struct hash_v1 kak_pub_hash;
|
|
struct image_cfg_element *e;
|
|
unsigned int fuse_line;
|
|
int i, idx;
|
|
uint8_t *ptr;
|
|
uint32_t val;
|
|
int ret = 0;
|
|
|
|
if (!out || !sec_hdr)
|
|
return -EINVAL;
|
|
|
|
ret = kwb_compute_pubkey_hash(&sec_hdr->kak, &kak_pub_hash);
|
|
if (ret < 0)
|
|
goto done;
|
|
|
|
fprintf(out, "# burn KAK pub key hash\n");
|
|
ptr = kak_pub_hash.hash;
|
|
for (fuse_line = 26; fuse_line <= 30; ++fuse_line) {
|
|
fprintf(out, "fuse prog -y %u 0 ", fuse_line);
|
|
|
|
for (i = 4; i-- > 0;)
|
|
fprintf(out, "%02hx", (ushort)ptr[i]);
|
|
ptr += 4;
|
|
fprintf(out, " 00");
|
|
|
|
if (fuse_line < 30) {
|
|
for (i = 3; i-- > 0;)
|
|
fprintf(out, "%02hx", (ushort)ptr[i]);
|
|
ptr += 3;
|
|
} else {
|
|
fprintf(out, "000000");
|
|
}
|
|
|
|
fprintf(out, " 1\n");
|
|
}
|
|
|
|
fprintf(out, "# burn CSK selection\n");
|
|
|
|
idx = image_get_csk_index();
|
|
if (idx < 0 || idx > 15) {
|
|
ret = -EINVAL;
|
|
goto done;
|
|
}
|
|
if (idx > 0) {
|
|
for (fuse_line = 31; fuse_line < 31 + idx; ++fuse_line)
|
|
fprintf(out, "fuse prog -y %u 0 00000001 00000000 1\n",
|
|
fuse_line);
|
|
} else {
|
|
fprintf(out, "# CSK index is 0; no mods needed\n");
|
|
}
|
|
|
|
e = image_find_option(IMAGE_CFG_BOX_ID);
|
|
if (e) {
|
|
fprintf(out, "# set box ID\n");
|
|
fprintf(out, "fuse prog -y 48 0 %08x 00000000 1\n", e->boxid);
|
|
}
|
|
|
|
e = image_find_option(IMAGE_CFG_FLASH_ID);
|
|
if (e) {
|
|
fprintf(out, "# set flash ID\n");
|
|
fprintf(out, "fuse prog -y 47 0 %08x 00000000 1\n", e->flashid);
|
|
}
|
|
|
|
fprintf(out, "# enable secure mode ");
|
|
fprintf(out, "(must be the last fuse line written)\n");
|
|
|
|
val = 1;
|
|
e = image_find_option(IMAGE_CFG_SEC_BOOT_DEV);
|
|
if (!e) {
|
|
fprintf(stderr, "ERROR: secured mode boot device not given\n");
|
|
ret = -EINVAL;
|
|
goto done;
|
|
}
|
|
|
|
if (e->sec_boot_dev > 0xff) {
|
|
fprintf(stderr, "ERROR: secured mode boot device invalid\n");
|
|
ret = -EINVAL;
|
|
goto done;
|
|
}
|
|
|
|
val |= (e->sec_boot_dev << 8);
|
|
|
|
fprintf(out, "fuse prog -y 24 0 %08x 0103e0a9 1\n", val);
|
|
|
|
fprintf(out, "# lock (unused) fuse lines (0-23)s\n");
|
|
for (fuse_line = 0; fuse_line < 24; ++fuse_line)
|
|
fprintf(out, "fuse prog -y %u 2 1\n", fuse_line);
|
|
|
|
fprintf(out, "# OK, that's all :-)\n");
|
|
|
|
done:
|
|
return ret;
|
|
}
|
|
|
|
static int kwb_dump_fuse_cmds(struct secure_hdr_v1 *sec_hdr)
|
|
{
|
|
int ret = 0;
|
|
struct image_cfg_element *e;
|
|
|
|
e = image_find_option(IMAGE_CFG_SEC_FUSE_DUMP);
|
|
if (!e)
|
|
return 0;
|
|
|
|
if (!strcmp(e->name, "a38x")) {
|
|
FILE *out = fopen("kwb_fuses_a38x.txt", "w+");
|
|
|
|
kwb_dump_fuse_cmds_38x(out, sec_hdr);
|
|
fclose(out);
|
|
goto done;
|
|
}
|
|
|
|
ret = -ENOSYS;
|
|
|
|
done:
|
|
return ret;
|
|
}
|
|
|
|
#endif
|
|
|
|
static void *image_create_v0(size_t *imagesz, struct image_tool_params *params,
|
|
int payloadsz)
|
|
{
|
|
struct image_cfg_element *e;
|
|
size_t headersz;
|
|
struct main_hdr_v0 *main_hdr;
|
|
uint8_t *image;
|
|
int has_ext = 0;
|
|
|
|
/*
|
|
* Calculate the size of the header and the size of the
|
|
* payload
|
|
*/
|
|
headersz = sizeof(struct main_hdr_v0);
|
|
|
|
if (image_count_options(IMAGE_CFG_DATA) > 0) {
|
|
has_ext = 1;
|
|
headersz += sizeof(struct ext_hdr_v0);
|
|
}
|
|
|
|
if (image_count_options(IMAGE_CFG_PAYLOAD) > 1) {
|
|
fprintf(stderr, "More than one payload, not possible\n");
|
|
return NULL;
|
|
}
|
|
|
|
image = malloc(headersz);
|
|
if (!image) {
|
|
fprintf(stderr, "Cannot allocate memory for image\n");
|
|
return NULL;
|
|
}
|
|
|
|
memset(image, 0, headersz);
|
|
|
|
main_hdr = (struct main_hdr_v0 *)image;
|
|
|
|
/* Fill in the main header */
|
|
main_hdr->blocksize =
|
|
cpu_to_le32(payloadsz + sizeof(uint32_t) - headersz);
|
|
main_hdr->srcaddr = cpu_to_le32(headersz);
|
|
main_hdr->ext = has_ext;
|
|
main_hdr->destaddr = cpu_to_le32(params->addr);
|
|
main_hdr->execaddr = cpu_to_le32(params->ep);
|
|
|
|
e = image_find_option(IMAGE_CFG_BOOT_FROM);
|
|
if (e)
|
|
main_hdr->blockid = e->bootfrom;
|
|
e = image_find_option(IMAGE_CFG_NAND_ECC_MODE);
|
|
if (e)
|
|
main_hdr->nandeccmode = e->nandeccmode;
|
|
e = image_find_option(IMAGE_CFG_NAND_PAGESZ);
|
|
if (e)
|
|
main_hdr->nandpagesize = cpu_to_le16(e->nandpagesz);
|
|
main_hdr->checksum = image_checksum8(image,
|
|
sizeof(struct main_hdr_v0));
|
|
|
|
/* Generate the ext header */
|
|
if (has_ext) {
|
|
struct ext_hdr_v0 *ext_hdr;
|
|
int cfgi, datai;
|
|
|
|
ext_hdr = (struct ext_hdr_v0 *)
|
|
(image + sizeof(struct main_hdr_v0));
|
|
ext_hdr->offset = cpu_to_le32(0x40);
|
|
|
|
for (cfgi = 0, datai = 0; cfgi < cfgn; cfgi++) {
|
|
e = &image_cfg[cfgi];
|
|
if (e->type != IMAGE_CFG_DATA)
|
|
continue;
|
|
|
|
ext_hdr->rcfg[datai].raddr =
|
|
cpu_to_le32(e->regdata.raddr);
|
|
ext_hdr->rcfg[datai].rdata =
|
|
cpu_to_le32(e->regdata.rdata);
|
|
datai++;
|
|
}
|
|
|
|
ext_hdr->checksum = image_checksum8(ext_hdr,
|
|
sizeof(struct ext_hdr_v0));
|
|
}
|
|
|
|
*imagesz = headersz;
|
|
return image;
|
|
}
|
|
|
|
static size_t image_headersz_v1(int *hasext)
|
|
{
|
|
struct image_cfg_element *binarye;
|
|
size_t headersz;
|
|
|
|
/*
|
|
* Calculate the size of the header and the size of the
|
|
* payload
|
|
*/
|
|
headersz = sizeof(struct main_hdr_v1);
|
|
|
|
if (image_count_options(IMAGE_CFG_BINARY) > 1) {
|
|
fprintf(stderr, "More than one binary blob, not supported\n");
|
|
return 0;
|
|
}
|
|
|
|
if (image_count_options(IMAGE_CFG_PAYLOAD) > 1) {
|
|
fprintf(stderr, "More than one payload, not possible\n");
|
|
return 0;
|
|
}
|
|
|
|
binarye = image_find_option(IMAGE_CFG_BINARY);
|
|
if (binarye) {
|
|
int ret;
|
|
struct stat s;
|
|
|
|
ret = stat(binarye->binary.file, &s);
|
|
if (ret < 0) {
|
|
char cwd[PATH_MAX];
|
|
char *dir = cwd;
|
|
|
|
memset(cwd, 0, sizeof(cwd));
|
|
if (!getcwd(cwd, sizeof(cwd))) {
|
|
dir = "current working directory";
|
|
perror("getcwd() failed");
|
|
}
|
|
|
|
fprintf(stderr,
|
|
"Didn't find the file '%s' in '%s' which is mandatory to generate the image\n"
|
|
"This file generally contains the DDR3 training code, and should be extracted from an existing bootable\n"
|
|
"image for your board. See 'kwbimage -x' to extract it from an existing image.\n",
|
|
binarye->binary.file, dir);
|
|
return 0;
|
|
}
|
|
|
|
headersz += sizeof(struct opt_hdr_v1) +
|
|
s.st_size +
|
|
(binarye->binary.nargs + 2) * sizeof(uint32_t);
|
|
if (hasext)
|
|
*hasext = 1;
|
|
}
|
|
|
|
#if defined(CONFIG_KWB_SECURE)
|
|
if (image_get_csk_index() >= 0) {
|
|
headersz += sizeof(struct secure_hdr_v1);
|
|
if (hasext)
|
|
*hasext = 1;
|
|
}
|
|
#endif
|
|
|
|
#if defined(CONFIG_SYS_U_BOOT_OFFS)
|
|
if (headersz > CONFIG_SYS_U_BOOT_OFFS) {
|
|
fprintf(stderr,
|
|
"Error: Image header (incl. SPL image) too big!\n");
|
|
fprintf(stderr, "header=0x%x CONFIG_SYS_U_BOOT_OFFS=0x%x!\n",
|
|
(int)headersz, CONFIG_SYS_U_BOOT_OFFS);
|
|
fprintf(stderr, "Increase CONFIG_SYS_U_BOOT_OFFS!\n");
|
|
return 0;
|
|
}
|
|
|
|
headersz = CONFIG_SYS_U_BOOT_OFFS;
|
|
#endif
|
|
|
|
/*
|
|
* The payload should be aligned on some reasonable
|
|
* boundary
|
|
*/
|
|
return ALIGN_SUP(headersz, 4096);
|
|
}
|
|
|
|
int add_binary_header_v1(uint8_t *cur)
|
|
{
|
|
struct image_cfg_element *binarye;
|
|
struct opt_hdr_v1 *hdr = (struct opt_hdr_v1 *)cur;
|
|
uint32_t *args;
|
|
size_t binhdrsz;
|
|
struct stat s;
|
|
int argi;
|
|
FILE *bin;
|
|
int ret;
|
|
|
|
binarye = image_find_option(IMAGE_CFG_BINARY);
|
|
|
|
if (!binarye)
|
|
return 0;
|
|
|
|
hdr->headertype = OPT_HDR_V1_BINARY_TYPE;
|
|
|
|
bin = fopen(binarye->binary.file, "r");
|
|
if (!bin) {
|
|
fprintf(stderr, "Cannot open binary file %s\n",
|
|
binarye->binary.file);
|
|
return -1;
|
|
}
|
|
|
|
if (fstat(fileno(bin), &s)) {
|
|
fprintf(stderr, "Cannot stat binary file %s\n",
|
|
binarye->binary.file);
|
|
goto err_close;
|
|
}
|
|
|
|
binhdrsz = sizeof(struct opt_hdr_v1) +
|
|
(binarye->binary.nargs + 2) * sizeof(uint32_t) +
|
|
s.st_size;
|
|
|
|
/*
|
|
* The size includes the binary image size, rounded
|
|
* up to a 4-byte boundary. Plus 4 bytes for the
|
|
* next-header byte and 3-byte alignment at the end.
|
|
*/
|
|
binhdrsz = ALIGN_SUP(binhdrsz, 4) + 4;
|
|
hdr->headersz_lsb = cpu_to_le16(binhdrsz & 0xFFFF);
|
|
hdr->headersz_msb = (binhdrsz & 0xFFFF0000) >> 16;
|
|
|
|
cur += sizeof(struct opt_hdr_v1);
|
|
|
|
args = (uint32_t *)cur;
|
|
*args = cpu_to_le32(binarye->binary.nargs);
|
|
args++;
|
|
for (argi = 0; argi < binarye->binary.nargs; argi++)
|
|
args[argi] = cpu_to_le32(binarye->binary.args[argi]);
|
|
|
|
cur += (binarye->binary.nargs + 1) * sizeof(uint32_t);
|
|
|
|
ret = fread(cur, s.st_size, 1, bin);
|
|
if (ret != 1) {
|
|
fprintf(stderr,
|
|
"Could not read binary image %s\n",
|
|
binarye->binary.file);
|
|
goto err_close;
|
|
}
|
|
|
|
fclose(bin);
|
|
|
|
cur += ALIGN_SUP(s.st_size, 4);
|
|
|
|
/*
|
|
* For now, we don't support more than one binary
|
|
* header, and no other header types are
|
|
* supported. So, the binary header is necessarily the
|
|
* last one
|
|
*/
|
|
*((uint32_t *)cur) = 0x00000000;
|
|
|
|
cur += sizeof(uint32_t);
|
|
|
|
return 0;
|
|
|
|
err_close:
|
|
fclose(bin);
|
|
|
|
return -1;
|
|
}
|
|
|
|
#if defined(CONFIG_KWB_SECURE)
|
|
|
|
int export_pub_kak_hash(RSA *kak, struct secure_hdr_v1 *secure_hdr)
|
|
{
|
|
FILE *hashf;
|
|
int res;
|
|
|
|
hashf = fopen("pub_kak_hash.txt", "w");
|
|
|
|
res = kwb_export_pubkey(kak, &secure_hdr->kak, hashf, "KAK");
|
|
|
|
fclose(hashf);
|
|
|
|
return res < 0 ? 1 : 0;
|
|
}
|
|
|
|
int kwb_sign_csk_with_kak(struct image_tool_params *params,
|
|
struct secure_hdr_v1 *secure_hdr, RSA *csk)
|
|
{
|
|
RSA *kak = NULL;
|
|
RSA *kak_pub = NULL;
|
|
int csk_idx = image_get_csk_index();
|
|
struct sig_v1 tmp_sig;
|
|
|
|
if (csk_idx >= 16) {
|
|
fprintf(stderr, "Invalid CSK index %d\n", csk_idx);
|
|
return 1;
|
|
}
|
|
|
|
if (kwb_load_kak(params, &kak) < 0)
|
|
return 1;
|
|
|
|
if (export_pub_kak_hash(kak, secure_hdr))
|
|
return 1;
|
|
|
|
if (kwb_import_pubkey(&kak_pub, &secure_hdr->kak, "KAK") < 0)
|
|
return 1;
|
|
|
|
if (kwb_export_pubkey(csk, &secure_hdr->csk[csk_idx], NULL, "CSK") < 0)
|
|
return 1;
|
|
|
|
if (kwb_sign_and_verify(kak, &secure_hdr->csk,
|
|
sizeof(secure_hdr->csk) +
|
|
sizeof(secure_hdr->csksig),
|
|
&tmp_sig, "CSK") < 0)
|
|
return 1;
|
|
|
|
if (kwb_verify(kak_pub, &secure_hdr->csk,
|
|
sizeof(secure_hdr->csk) +
|
|
sizeof(secure_hdr->csksig),
|
|
&tmp_sig, "CSK (2)") < 0)
|
|
return 1;
|
|
|
|
secure_hdr->csksig = tmp_sig;
|
|
|
|
return 0;
|
|
}
|
|
|
|
int add_secure_header_v1(struct image_tool_params *params, uint8_t *ptr,
|
|
int payloadsz, size_t headersz, uint8_t *image,
|
|
struct secure_hdr_v1 *secure_hdr)
|
|
{
|
|
struct image_cfg_element *e_jtagdelay;
|
|
struct image_cfg_element *e_boxid;
|
|
struct image_cfg_element *e_flashid;
|
|
RSA *csk = NULL;
|
|
unsigned char *image_ptr;
|
|
size_t image_size;
|
|
struct sig_v1 tmp_sig;
|
|
bool specialized_img = image_get_spezialized_img();
|
|
|
|
kwb_msg("Create secure header content\n");
|
|
|
|
e_jtagdelay = image_find_option(IMAGE_CFG_JTAG_DELAY);
|
|
e_boxid = image_find_option(IMAGE_CFG_BOX_ID);
|
|
e_flashid = image_find_option(IMAGE_CFG_FLASH_ID);
|
|
|
|
if (kwb_load_csk(params, &csk) < 0)
|
|
return 1;
|
|
|
|
secure_hdr->headertype = OPT_HDR_V1_SECURE_TYPE;
|
|
secure_hdr->headersz_msb = 0;
|
|
secure_hdr->headersz_lsb = cpu_to_le16(sizeof(struct secure_hdr_v1));
|
|
if (e_jtagdelay)
|
|
secure_hdr->jtag_delay = e_jtagdelay->jtag_delay;
|
|
if (e_boxid && specialized_img)
|
|
secure_hdr->boxid = cpu_to_le32(e_boxid->boxid);
|
|
if (e_flashid && specialized_img)
|
|
secure_hdr->flashid = cpu_to_le32(e_flashid->flashid);
|
|
|
|
if (kwb_sign_csk_with_kak(params, secure_hdr, csk))
|
|
return 1;
|
|
|
|
image_ptr = ptr + headersz;
|
|
image_size = payloadsz - headersz;
|
|
|
|
if (kwb_sign_and_verify(csk, image_ptr, image_size,
|
|
&secure_hdr->imgsig, "image") < 0)
|
|
return 1;
|
|
|
|
if (kwb_sign_and_verify(csk, image, headersz, &tmp_sig, "header") < 0)
|
|
return 1;
|
|
|
|
secure_hdr->hdrsig = tmp_sig;
|
|
|
|
kwb_dump_fuse_cmds(secure_hdr);
|
|
|
|
return 0;
|
|
}
|
|
#endif
|
|
|
|
static void *image_create_v1(size_t *imagesz, struct image_tool_params *params,
|
|
uint8_t *ptr, int payloadsz)
|
|
{
|
|
struct image_cfg_element *e;
|
|
struct main_hdr_v1 *main_hdr;
|
|
#if defined(CONFIG_KWB_SECURE)
|
|
struct secure_hdr_v1 *secure_hdr = NULL;
|
|
#endif
|
|
size_t headersz;
|
|
uint8_t *image, *cur;
|
|
int hasext = 0;
|
|
uint8_t *next_ext = NULL;
|
|
|
|
/*
|
|
* Calculate the size of the header and the size of the
|
|
* payload
|
|
*/
|
|
headersz = image_headersz_v1(&hasext);
|
|
if (headersz == 0)
|
|
return NULL;
|
|
|
|
image = malloc(headersz);
|
|
if (!image) {
|
|
fprintf(stderr, "Cannot allocate memory for image\n");
|
|
return NULL;
|
|
}
|
|
|
|
memset(image, 0, headersz);
|
|
|
|
main_hdr = (struct main_hdr_v1 *)image;
|
|
cur = image;
|
|
cur += sizeof(struct main_hdr_v1);
|
|
next_ext = &main_hdr->ext;
|
|
|
|
/* Fill the main header */
|
|
main_hdr->blocksize =
|
|
cpu_to_le32(payloadsz - headersz + sizeof(uint32_t));
|
|
main_hdr->headersz_lsb = cpu_to_le16(headersz & 0xFFFF);
|
|
main_hdr->headersz_msb = (headersz & 0xFFFF0000) >> 16;
|
|
main_hdr->destaddr = cpu_to_le32(params->addr)
|
|
- sizeof(image_header_t);
|
|
main_hdr->execaddr = cpu_to_le32(params->ep);
|
|
main_hdr->srcaddr = cpu_to_le32(headersz);
|
|
main_hdr->ext = hasext;
|
|
main_hdr->version = 1;
|
|
e = image_find_option(IMAGE_CFG_BOOT_FROM);
|
|
if (e)
|
|
main_hdr->blockid = e->bootfrom;
|
|
e = image_find_option(IMAGE_CFG_NAND_BLKSZ);
|
|
if (e)
|
|
main_hdr->nandblocksize = e->nandblksz / (64 * 1024);
|
|
e = image_find_option(IMAGE_CFG_NAND_BADBLK_LOCATION);
|
|
if (e)
|
|
main_hdr->nandbadblklocation = e->nandbadblklocation;
|
|
e = image_find_option(IMAGE_CFG_BAUDRATE);
|
|
if (e)
|
|
main_hdr->options = baudrate_to_option(e->baudrate);
|
|
e = image_find_option(IMAGE_CFG_DEBUG);
|
|
if (e)
|
|
main_hdr->flags = e->debug ? 0x1 : 0;
|
|
|
|
#if defined(CONFIG_KWB_SECURE)
|
|
if (image_get_csk_index() >= 0) {
|
|
/*
|
|
* only reserve the space here; we fill the header later since
|
|
* we need the header to be complete to compute the signatures
|
|
*/
|
|
secure_hdr = (struct secure_hdr_v1 *)cur;
|
|
cur += sizeof(struct secure_hdr_v1);
|
|
next_ext = &secure_hdr->next;
|
|
}
|
|
#endif
|
|
*next_ext = 1;
|
|
|
|
if (add_binary_header_v1(cur))
|
|
return NULL;
|
|
|
|
#if defined(CONFIG_KWB_SECURE)
|
|
if (secure_hdr && add_secure_header_v1(params, ptr, payloadsz,
|
|
headersz, image, secure_hdr))
|
|
return NULL;
|
|
#endif
|
|
|
|
/* Calculate and set the header checksum */
|
|
main_hdr->checksum = image_checksum8(main_hdr, headersz);
|
|
|
|
*imagesz = headersz;
|
|
return image;
|
|
}
|
|
|
|
int recognize_keyword(char *keyword)
|
|
{
|
|
int kw_id;
|
|
|
|
for (kw_id = 1; kw_id < IMAGE_CFG_COUNT; ++kw_id)
|
|
if (!strcmp(keyword, id_strs[kw_id]))
|
|
return kw_id;
|
|
|
|
return 0;
|
|
}
|
|
|
|
static int image_create_config_parse_oneline(char *line,
|
|
struct image_cfg_element *el)
|
|
{
|
|
char *keyword, *saveptr, *value1, *value2;
|
|
char delimiters[] = " \t";
|
|
int keyword_id, ret, argi;
|
|
char *unknown_msg = "Ignoring unknown line '%s'\n";
|
|
|
|
keyword = strtok_r(line, delimiters, &saveptr);
|
|
keyword_id = recognize_keyword(keyword);
|
|
|
|
if (!keyword_id) {
|
|
fprintf(stderr, unknown_msg, line);
|
|
return 0;
|
|
}
|
|
|
|
el->type = keyword_id;
|
|
|
|
value1 = strtok_r(NULL, delimiters, &saveptr);
|
|
|
|
if (!value1) {
|
|
fprintf(stderr, "Parameter missing in line '%s'\n", line);
|
|
return -1;
|
|
}
|
|
|
|
switch (keyword_id) {
|
|
case IMAGE_CFG_VERSION:
|
|
el->version = atoi(value1);
|
|
break;
|
|
case IMAGE_CFG_BOOT_FROM:
|
|
ret = image_boot_mode_id(value1);
|
|
|
|
if (ret < 0) {
|
|
fprintf(stderr, "Invalid boot media '%s'\n", value1);
|
|
return -1;
|
|
}
|
|
el->bootfrom = ret;
|
|
break;
|
|
case IMAGE_CFG_NAND_BLKSZ:
|
|
el->nandblksz = strtoul(value1, NULL, 16);
|
|
break;
|
|
case IMAGE_CFG_NAND_BADBLK_LOCATION:
|
|
el->nandbadblklocation = strtoul(value1, NULL, 16);
|
|
break;
|
|
case IMAGE_CFG_NAND_ECC_MODE:
|
|
ret = image_nand_ecc_mode_id(value1);
|
|
|
|
if (ret < 0) {
|
|
fprintf(stderr, "Invalid NAND ECC mode '%s'\n", value1);
|
|
return -1;
|
|
}
|
|
el->nandeccmode = ret;
|
|
break;
|
|
case IMAGE_CFG_NAND_PAGESZ:
|
|
el->nandpagesz = strtoul(value1, NULL, 16);
|
|
break;
|
|
case IMAGE_CFG_BINARY:
|
|
argi = 0;
|
|
|
|
el->binary.file = strdup(value1);
|
|
while (1) {
|
|
char *value = strtok_r(NULL, delimiters, &saveptr);
|
|
|
|
if (!value)
|
|
break;
|
|
el->binary.args[argi] = strtoul(value, NULL, 16);
|
|
argi++;
|
|
if (argi >= BINARY_MAX_ARGS) {
|
|
fprintf(stderr,
|
|
"Too many arguments for BINARY\n");
|
|
return -1;
|
|
}
|
|
}
|
|
el->binary.nargs = argi;
|
|
break;
|
|
case IMAGE_CFG_DATA:
|
|
value2 = strtok_r(NULL, delimiters, &saveptr);
|
|
|
|
if (!value1 || !value2) {
|
|
fprintf(stderr,
|
|
"Invalid number of arguments for DATA\n");
|
|
return -1;
|
|
}
|
|
|
|
el->regdata.raddr = strtoul(value1, NULL, 16);
|
|
el->regdata.rdata = strtoul(value2, NULL, 16);
|
|
break;
|
|
case IMAGE_CFG_BAUDRATE:
|
|
el->baudrate = strtoul(value1, NULL, 10);
|
|
break;
|
|
case IMAGE_CFG_DEBUG:
|
|
el->debug = strtoul(value1, NULL, 10);
|
|
break;
|
|
case IMAGE_CFG_KAK:
|
|
el->key_name = strdup(value1);
|
|
break;
|
|
case IMAGE_CFG_CSK:
|
|
el->key_name = strdup(value1);
|
|
break;
|
|
case IMAGE_CFG_CSK_INDEX:
|
|
el->csk_idx = strtol(value1, NULL, 0);
|
|
break;
|
|
case IMAGE_CFG_JTAG_DELAY:
|
|
el->jtag_delay = strtoul(value1, NULL, 0);
|
|
break;
|
|
case IMAGE_CFG_BOX_ID:
|
|
el->boxid = strtoul(value1, NULL, 0);
|
|
break;
|
|
case IMAGE_CFG_FLASH_ID:
|
|
el->flashid = strtoul(value1, NULL, 0);
|
|
break;
|
|
case IMAGE_CFG_SEC_SPECIALIZED_IMG:
|
|
el->sec_specialized_img = true;
|
|
break;
|
|
case IMAGE_CFG_SEC_COMMON_IMG:
|
|
el->sec_specialized_img = false;
|
|
break;
|
|
case IMAGE_CFG_SEC_BOOT_DEV:
|
|
el->sec_boot_dev = strtoul(value1, NULL, 0);
|
|
break;
|
|
case IMAGE_CFG_SEC_FUSE_DUMP:
|
|
el->name = strdup(value1);
|
|
break;
|
|
default:
|
|
fprintf(stderr, unknown_msg, line);
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
/*
|
|
* Parse the configuration file 'fcfg' into the array of configuration
|
|
* elements 'image_cfg', and return the number of configuration
|
|
* elements in 'cfgn'.
|
|
*/
|
|
static int image_create_config_parse(FILE *fcfg)
|
|
{
|
|
int ret;
|
|
int cfgi = 0;
|
|
|
|
/* Parse the configuration file */
|
|
while (!feof(fcfg)) {
|
|
char *line;
|
|
char buf[256];
|
|
|
|
/* Read the current line */
|
|
memset(buf, 0, sizeof(buf));
|
|
line = fgets(buf, sizeof(buf), fcfg);
|
|
if (!line)
|
|
break;
|
|
|
|
/* Ignore useless lines */
|
|
if (line[0] == '\n' || line[0] == '#')
|
|
continue;
|
|
|
|
/* Strip final newline */
|
|
if (line[strlen(line) - 1] == '\n')
|
|
line[strlen(line) - 1] = 0;
|
|
|
|
/* Parse the current line */
|
|
ret = image_create_config_parse_oneline(line,
|
|
&image_cfg[cfgi]);
|
|
if (ret)
|
|
return ret;
|
|
|
|
cfgi++;
|
|
|
|
if (cfgi >= IMAGE_CFG_ELEMENT_MAX) {
|
|
fprintf(stderr,
|
|
"Too many configuration elements in .cfg file\n");
|
|
return -1;
|
|
}
|
|
}
|
|
|
|
cfgn = cfgi;
|
|
return 0;
|
|
}
|
|
|
|
static int image_get_version(void)
|
|
{
|
|
struct image_cfg_element *e;
|
|
|
|
e = image_find_option(IMAGE_CFG_VERSION);
|
|
if (!e)
|
|
return -1;
|
|
|
|
return e->version;
|
|
}
|
|
|
|
static void kwbimage_set_header(void *ptr, struct stat *sbuf, int ifd,
|
|
struct image_tool_params *params)
|
|
{
|
|
FILE *fcfg;
|
|
void *image = NULL;
|
|
int version;
|
|
size_t headersz = 0;
|
|
uint32_t checksum;
|
|
int ret;
|
|
int size;
|
|
|
|
fcfg = fopen(params->imagename, "r");
|
|
if (!fcfg) {
|
|
fprintf(stderr, "Could not open input file %s\n",
|
|
params->imagename);
|
|
exit(EXIT_FAILURE);
|
|
}
|
|
|
|
image_cfg = malloc(IMAGE_CFG_ELEMENT_MAX *
|
|
sizeof(struct image_cfg_element));
|
|
if (!image_cfg) {
|
|
fprintf(stderr, "Cannot allocate memory\n");
|
|
fclose(fcfg);
|
|
exit(EXIT_FAILURE);
|
|
}
|
|
|
|
memset(image_cfg, 0,
|
|
IMAGE_CFG_ELEMENT_MAX * sizeof(struct image_cfg_element));
|
|
rewind(fcfg);
|
|
|
|
ret = image_create_config_parse(fcfg);
|
|
fclose(fcfg);
|
|
if (ret) {
|
|
free(image_cfg);
|
|
exit(EXIT_FAILURE);
|
|
}
|
|
|
|
/* The MVEBU BootROM does not allow non word aligned payloads */
|
|
sbuf->st_size = ALIGN_SUP(sbuf->st_size, 4);
|
|
|
|
version = image_get_version();
|
|
switch (version) {
|
|
/*
|
|
* Fallback to version 0 if no version is provided in the
|
|
* cfg file
|
|
*/
|
|
case -1:
|
|
case 0:
|
|
image = image_create_v0(&headersz, params, sbuf->st_size);
|
|
break;
|
|
|
|
case 1:
|
|
image = image_create_v1(&headersz, params, ptr, sbuf->st_size);
|
|
break;
|
|
|
|
default:
|
|
fprintf(stderr, "Unsupported version %d\n", version);
|
|
free(image_cfg);
|
|
exit(EXIT_FAILURE);
|
|
}
|
|
|
|
if (!image) {
|
|
fprintf(stderr, "Could not create image\n");
|
|
free(image_cfg);
|
|
exit(EXIT_FAILURE);
|
|
}
|
|
|
|
free(image_cfg);
|
|
|
|
/* Build and add image checksum header */
|
|
checksum =
|
|
cpu_to_le32(image_checksum32((uint32_t *)ptr, sbuf->st_size));
|
|
size = write(ifd, &checksum, sizeof(uint32_t));
|
|
if (size != sizeof(uint32_t)) {
|
|
fprintf(stderr, "Error:%s - Checksum write %d bytes %s\n",
|
|
params->cmdname, size, params->imagefile);
|
|
exit(EXIT_FAILURE);
|
|
}
|
|
|
|
sbuf->st_size += sizeof(uint32_t);
|
|
|
|
/* Finally copy the header into the image area */
|
|
memcpy(ptr, image, headersz);
|
|
|
|
free(image);
|
|
}
|
|
|
|
static void kwbimage_print_header(const void *ptr)
|
|
{
|
|
struct main_hdr_v0 *mhdr = (struct main_hdr_v0 *)ptr;
|
|
|
|
printf("Image Type: MVEBU Boot from %s Image\n",
|
|
image_boot_mode_name(mhdr->blockid));
|
|
printf("Image version:%d\n", image_version((void *)ptr));
|
|
printf("Data Size: ");
|
|
genimg_print_size(mhdr->blocksize - sizeof(uint32_t));
|
|
printf("Load Address: %08x\n", mhdr->destaddr);
|
|
printf("Entry Point: %08x\n", mhdr->execaddr);
|
|
}
|
|
|
|
static int kwbimage_check_image_types(uint8_t type)
|
|
{
|
|
if (type == IH_TYPE_KWBIMAGE)
|
|
return EXIT_SUCCESS;
|
|
|
|
return EXIT_FAILURE;
|
|
}
|
|
|
|
static int kwbimage_verify_header(unsigned char *ptr, int image_size,
|
|
struct image_tool_params *params)
|
|
{
|
|
uint8_t checksum;
|
|
size_t header_size = kwbimage_header_size(ptr);
|
|
|
|
if (header_size > image_size)
|
|
return -FDT_ERR_BADSTRUCTURE;
|
|
|
|
if (!main_hdr_checksum_ok(ptr))
|
|
return -FDT_ERR_BADSTRUCTURE;
|
|
|
|
/* Only version 0 extended header has checksum */
|
|
if (image_version((void *)ptr) == 0) {
|
|
struct ext_hdr_v0 *ext_hdr;
|
|
|
|
ext_hdr = (struct ext_hdr_v0 *)
|
|
(ptr + sizeof(struct main_hdr_v0));
|
|
checksum = image_checksum8(ext_hdr,
|
|
sizeof(struct ext_hdr_v0)
|
|
- sizeof(uint8_t));
|
|
if (checksum != ext_hdr->checksum)
|
|
return -FDT_ERR_BADSTRUCTURE;
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
static int kwbimage_generate(struct image_tool_params *params,
|
|
struct image_type_params *tparams)
|
|
{
|
|
FILE *fcfg;
|
|
int alloc_len;
|
|
int version;
|
|
void *hdr;
|
|
int ret;
|
|
|
|
fcfg = fopen(params->imagename, "r");
|
|
if (!fcfg) {
|
|
fprintf(stderr, "Could not open input file %s\n",
|
|
params->imagename);
|
|
exit(EXIT_FAILURE);
|
|
}
|
|
|
|
image_cfg = malloc(IMAGE_CFG_ELEMENT_MAX *
|
|
sizeof(struct image_cfg_element));
|
|
if (!image_cfg) {
|
|
fprintf(stderr, "Cannot allocate memory\n");
|
|
fclose(fcfg);
|
|
exit(EXIT_FAILURE);
|
|
}
|
|
|
|
memset(image_cfg, 0,
|
|
IMAGE_CFG_ELEMENT_MAX * sizeof(struct image_cfg_element));
|
|
rewind(fcfg);
|
|
|
|
ret = image_create_config_parse(fcfg);
|
|
fclose(fcfg);
|
|
if (ret) {
|
|
free(image_cfg);
|
|
exit(EXIT_FAILURE);
|
|
}
|
|
|
|
version = image_get_version();
|
|
switch (version) {
|
|
/*
|
|
* Fallback to version 0 if no version is provided in the
|
|
* cfg file
|
|
*/
|
|
case -1:
|
|
case 0:
|
|
alloc_len = sizeof(struct main_hdr_v0) +
|
|
sizeof(struct ext_hdr_v0);
|
|
break;
|
|
|
|
case 1:
|
|
alloc_len = image_headersz_v1(NULL);
|
|
break;
|
|
|
|
default:
|
|
fprintf(stderr, "Unsupported version %d\n", version);
|
|
free(image_cfg);
|
|
exit(EXIT_FAILURE);
|
|
}
|
|
|
|
free(image_cfg);
|
|
|
|
hdr = malloc(alloc_len);
|
|
if (!hdr) {
|
|
fprintf(stderr, "%s: malloc return failure: %s\n",
|
|
params->cmdname, strerror(errno));
|
|
exit(EXIT_FAILURE);
|
|
}
|
|
|
|
memset(hdr, 0, alloc_len);
|
|
tparams->header_size = alloc_len;
|
|
tparams->hdr = hdr;
|
|
|
|
/*
|
|
* The resulting image needs to be 4-byte aligned. At least
|
|
* the Marvell hdrparser tool complains if its unaligned.
|
|
* By returning 1 here in this function, called via
|
|
* tparams->vrec_header() in mkimage.c, mkimage will
|
|
* automatically pad the the resulting image to a 4-byte
|
|
* size if necessary.
|
|
*/
|
|
return 1;
|
|
}
|
|
|
|
/*
|
|
* Report Error if xflag is set in addition to default
|
|
*/
|
|
static int kwbimage_check_params(struct image_tool_params *params)
|
|
{
|
|
if (!strlen(params->imagename)) {
|
|
char *msg = "Configuration file for kwbimage creation omitted";
|
|
|
|
fprintf(stderr, "Error:%s - %s\n", params->cmdname, msg);
|
|
return CFG_INVALID;
|
|
}
|
|
|
|
return (params->dflag && (params->fflag || params->lflag)) ||
|
|
(params->fflag && (params->dflag || params->lflag)) ||
|
|
(params->lflag && (params->dflag || params->fflag)) ||
|
|
(params->xflag) || !(strlen(params->imagename));
|
|
}
|
|
|
|
/*
|
|
* kwbimage type parameters definition
|
|
*/
|
|
U_BOOT_IMAGE_TYPE(
|
|
kwbimage,
|
|
"Marvell MVEBU Boot Image support",
|
|
0,
|
|
NULL,
|
|
kwbimage_check_params,
|
|
kwbimage_verify_header,
|
|
kwbimage_print_header,
|
|
kwbimage_set_header,
|
|
NULL,
|
|
kwbimage_check_image_types,
|
|
NULL,
|
|
kwbimage_generate
|
|
);
|