* (C) Copyright 2000-2005
* Wolfgang Denk, DENX Software Engineering, wd@denx.de.
*
- * See file CREDITS for list of people who contributed to this
- * project.
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation; either version 2 of
- * the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston,
- * MA 02111-1307 USA
- *
+ * SPDX-License-Identifier: GPL-2.0+
********************************************************************
* NOTE: This header file defines an interface to U-Boot. Including
* this (unmodified) header file in another file is considered normal
#define CONFIG_OF_LIBFDT 1
#define CONFIG_FIT_VERBOSE 1 /* enable fit_format_{error,warning}() */
-/* Support FIT image signing on host */
-#define CONFIG_FIT_SIGNATURE
-
#define IMAGE_ENABLE_IGNORE 0
#define IMAGE_INDENT_STRING ""
# ifdef CONFIG_SPL_SHA1_SUPPORT
# define IMAGE_ENABLE_SHA1 1
# endif
+# ifdef CONFIG_SPL_SHA256_SUPPORT
+# define IMAGE_ENABLE_SHA256 1
+# endif
# else
# define CONFIG_CRC32 /* FIT images need CRC32 support */
# define CONFIG_MD5 /* and MD5 */
# define CONFIG_SHA1 /* and SHA1 */
+# define CONFIG_SHA256 /* and SHA256 */
# define IMAGE_ENABLE_CRC32 1
# define IMAGE_ENABLE_MD5 1
# define IMAGE_ENABLE_SHA1 1
+# define IMAGE_ENABLE_SHA256 1
# endif
#ifndef IMAGE_ENABLE_CRC32
#define IMAGE_ENABLE_SHA1 0
#endif
+#ifndef IMAGE_ENABLE_SHA256
+#define IMAGE_ENABLE_SHA256 0
+#endif
+
#endif /* CONFIG_FIT */
#ifdef CONFIG_SYS_BOOT_RAMDISK_HIGH
#endif
#ifdef CONFIG_OF_BOARD_SETUP
-# define IMAAGE_OF_BOARD_SETUP 1
+# define IMAGE_OF_BOARD_SETUP 1
#else
-# define IMAAGE_OF_BOARD_SETUP 0
+# define IMAGE_OF_BOARD_SETUP 0
#endif
/*
#define IH_ARCH_SANDBOX 19 /* Sandbox architecture (test only) */
#define IH_ARCH_NDS32 20 /* ANDES Technology - NDS32 */
#define IH_ARCH_OPENRISC 21 /* OpenRISC 1000 */
+#define IH_ARCH_ARM64 22 /* ARM64 */
+#define IH_ARCH_ARC 23 /* Synopsys DesignWare ARC */
/*
* Image Types
#define IH_TYPE_AISIMAGE 13 /* TI Davinci AIS Image */
#define IH_TYPE_KERNEL_NOLOAD 14 /* OS Kernel Image, can run from any load address */
#define IH_TYPE_PBLIMAGE 15 /* Freescale PBL Boot Image */
+#define IH_TYPE_MXSIMAGE 16 /* Freescale MXSBoot Image */
+#define IH_TYPE_GPIMAGE 17 /* TI Keystone GPHeader Image */
/*
* Compression Types
* @param fit_unamep On entry this is the requested image name
* (e.g. "kernel@1") or NULL to use the default. On exit
* points to the selected image name
- * @param fit_uname_config Requested configuration name, or NULL for the
- * default
+ * @param fit_uname_configp On entry this is the requested configuration
+ * name (e.g. "conf@1") or NULL to use the default. On
+ * exit points to the selected configuration name.
* @param arch Expected architecture (IH_ARCH_...)
* @param image_type Required image type (IH_TYPE_...). If this is
* IH_TYPE_KERNEL then we allow IH_TYPE_KERNEL_NOLOAD
* @param lenp Returns length of loaded image
*/
int fit_image_load(bootm_headers_t *images, const char *prop_name, ulong addr,
- const char **fit_unamep, const char *fit_uname_config,
+ const char **fit_unamep, const char **fit_uname_configp,
int arch, int image_type, int bootstage_id,
enum fit_load_op load_op, ulong *datap, ulong *lenp);
*/
int image_setup_linux(bootm_headers_t *images);
+/**
+ * bootz_setup() - Extract stat and size of a Linux xImage
+ *
+ * @image: Address of image
+ * @start: Returns start address of image
+ * @end : Returns end address of image
+ * @return 0 if OK, 1 if the image was not recognised
+ */
+int bootz_setup(ulong image, ulong *start, ulong *end);
+
+
/*******************************************************************/
/* New uImage format specific code (prefixed with fit_) */
/*******************************************************************/
int fit_set_timestamp(void *fit, int noffset, time_t timestamp);
/**
- * fit_add_verification_data() - Calculate and add hashes to FIT
+ * fit_add_verification_data() - add verification data to FIT image nodes
+ *
+ * @keydir: Directory containing keys
+ * @kwydest: FDT blob to write public key information to
+ * @fit: Pointer to the FIT format image header
+ * @comment: Comment to add to signature nodes
+ * @require_keys: Mark all keys as 'required'
+ *
+ * Adds hash values for all component images in the FIT blob.
+ * Hashes are calculated for all component images which have hash subnodes
+ * with algorithm property set to one of the supported hash algorithms.
*
- * @fit: Fit image to process
- * @return 0 if ok, <0 for error
+ * Also add signatures if signature nodes are present.
+ *
+ * returns
+ * 0, on success
+ * libfdt error code, on failure
*/
-int fit_add_verification_data(void *fit);
+int fit_add_verification_data(const char *keydir, void *keydest, void *fit,
+ const char *comment, int require_keys);
int fit_image_verify(const void *fit, int noffset);
int fit_config_verify(const void *fit, int conf_noffset);
#if defined(CONFIG_FIT_SIGNATURE)
# ifdef USE_HOSTCC
# define IMAGE_ENABLE_SIGN 1
-# define IMAGE_ENABLE_VERIFY 0
+# define IMAGE_ENABLE_VERIFY 1
+# include <openssl/evp.h>
#else
# define IMAGE_ENABLE_SIGN 0
# define IMAGE_ENABLE_VERIFY 1
#endif
#ifdef USE_HOSTCC
-# define gd_fdt_blob() NULL
+void *image_get_host_blob(void);
+void image_set_host_blob(void *host_blob);
+# define gd_fdt_blob() image_get_host_blob()
#else
# define gd_fdt_blob() (gd->fdt_blob)
#endif
int size;
};
+#if IMAGE_ENABLE_VERIFY
+# include <rsa-checksum.h>
+#endif
+struct checksum_algo {
+ const char *name;
+ const int checksum_len;
+ const int pad_len;
+#if IMAGE_ENABLE_SIGN
+ const EVP_MD *(*calculate_sign)(void);
+#endif
+ void (*calculate)(const struct image_region region[],
+ int region_count, uint8_t *checksum);
+ const uint8_t *rsa_padding;
+};
+
struct image_sig_algo {
const char *name; /* Name of algorithm */
int (*verify)(struct image_sign_info *info,
const struct image_region region[], int region_count,
uint8_t *sig, uint sig_len);
+
+ /* pointer to checksum algorithm */
+ struct checksum_algo *checksum;
};
/**
*/
struct image_sig_algo *image_get_sig_algo(const char *name);
+/**
+ * fit_image_verify_required_sigs() - Verify signatures marked as 'required'
+ *
+ * @fit: FIT to check
+ * @image_noffset: Offset of image node to check
+ * @data: Image data to check
+ * @size: Size of image data
+ * @sig_blob: FDT containing public keys
+ * @no_sigsp: Returns 1 if no signatures were required, and
+ * therefore nothing was checked. The caller may wish
+ * to fall back to other mechanisms, or refuse to
+ * boot.
+ * @return 0 if all verified ok, <0 on error
+ */
+int fit_image_verify_required_sigs(const void *fit, int image_noffset,
+ const char *data, size_t size, const void *sig_blob,
+ int *no_sigsp);
+
+/**
+ * fit_image_check_sig() - Check a single image signature node
+ *
+ * @fit: FIT to check
+ * @noffset: Offset of signature node to check
+ * @data: Image data to check
+ * @size: Size of image data
+ * @required_keynode: Offset in the control FDT of the required key node,
+ * if any. If this is given, then the image wil not
+ * pass verification unless that key is used. If this is
+ * -1 then any signature will do.
+ * @err_msgp: In the event of an error, this will be pointed to a
+ * help error string to display to the user.
+ * @return 0 if all verified ok, <0 on error
+ */
+int fit_image_check_sig(const void *fit, int noffset, const void *data,
+ size_t size, int required_keynode, char **err_msgp);
+
+/**
+ * fit_region_make_list() - Make a list of regions to hash
+ *
+ * Given a list of FIT regions (offset, size) provided by libfdt, create
+ * a list of regions (void *, size) for use by the signature creationg
+ * and verification code.
+ *
+ * @fit: FIT image to process
+ * @fdt_regions: Regions as returned by libfdt
+ * @count: Number of regions returned by libfdt
+ * @region: Place to put list of regions (NULL to allocate it)
+ * @return pointer to list of regions, or NULL if out of memory
+ */
+struct image_region *fit_region_make_list(const void *fit,
+ struct fdt_region *fdt_regions, int count,
+ struct image_region *region);
+
static inline int fit_image_check_target_arch(const void *fdt, int node)
{
+#ifndef USE_HOSTCC
return fit_image_check_arch(fdt, node, IH_ARCH_DEFAULT);
+#else
+ return 0;
+#endif
}
#ifdef CONFIG_FIT_VERBOSE
projects / karo-tx-uboot.git / blobdiff