1 // SPDX-License-Identifier: GPL-2.0+
3 * Copyright (c) 2013, Google Inc.
5 * (C) Copyright 2008 Semihalf
7 * (C) Copyright 2000-2006
8 * Wolfgang Denk, DENX Software Engineering, wd@denx.de.
17 * fit_set_hash_value - set hash value in requested has node
18 * @fit: pointer to the FIT format image header
19 * @noffset: hash node offset
20 * @value: hash value to be set
21 * @value_len: hash value length
23 * fit_set_hash_value() attempts to set hash value in a node at offset
24 * given and returns operation status to the caller.
30 static int fit_set_hash_value(void *fit, int noffset, uint8_t *value,
35 ret = fdt_setprop(fit, noffset, FIT_VALUE_PROP, value, value_len);
37 printf("Can't set hash '%s' property for '%s' node(%s)\n",
38 FIT_VALUE_PROP, fit_get_name(fit, noffset, NULL),
40 return ret == -FDT_ERR_NOSPACE ? -ENOSPC : -EIO;
47 * fit_image_process_hash - Process a single subnode of the images/ node
49 * Check each subnode and process accordingly. For hash nodes we generate
50 * a hash of the supplised data and store it in the node.
52 * @fit: pointer to the FIT format image header
53 * @image_name: name of image being processes (used to display errors)
54 * @noffset: subnode offset
55 * @data: data to process
56 * @size: size of data in bytes
57 * @return 0 if ok, -1 on error
59 static int fit_image_process_hash(void *fit, const char *image_name,
60 int noffset, const void *data, size_t size)
62 uint8_t value[FIT_MAX_HASH_LEN];
63 const char *node_name;
68 node_name = fit_get_name(fit, noffset, NULL);
70 if (fit_image_hash_get_algo(fit, noffset, &algo)) {
71 printf("Can't get hash algo property for '%s' hash node in '%s' image node\n",
72 node_name, image_name);
76 if (calculate_hash(data, size, algo, value, &value_len)) {
77 printf("Unsupported hash algorithm (%s) for '%s' hash node in '%s' image node\n",
78 algo, node_name, image_name);
79 return -EPROTONOSUPPORT;
82 ret = fit_set_hash_value(fit, noffset, value, value_len);
84 printf("Can't set hash value for '%s' hash node in '%s' image node\n",
85 node_name, image_name);
93 * fit_image_write_sig() - write the signature to a FIT
95 * This writes the signature and signer data to the FIT.
97 * @fit: pointer to the FIT format image header
98 * @noffset: hash node offset
99 * @value: signature value to be set
100 * @value_len: signature value length
101 * @comment: Text comment to write (NULL for none)
105 * -FDT_ERR_..., on failure
107 static int fit_image_write_sig(void *fit, int noffset, uint8_t *value,
108 int value_len, const char *comment, const char *region_prop,
109 int region_proplen, const char *cmdname)
115 * Get the current string size, before we update the FIT and add
118 string_size = fdt_size_dt_strings(fit);
120 ret = fdt_setprop(fit, noffset, FIT_VALUE_PROP, value, value_len);
122 ret = fdt_setprop_string(fit, noffset, "signer-name",
126 ret = fdt_setprop_string(fit, noffset, "signer-version",
130 ret = fdt_setprop_string(fit, noffset, "comment", comment);
132 time_t timestamp = imagetool_get_source_date(cmdname,
135 ret = fit_set_timestamp(fit, noffset, timestamp);
137 if (region_prop && !ret) {
140 ret = fdt_setprop(fit, noffset, "hashed-nodes",
141 region_prop, region_proplen);
142 /* This is a legacy offset, it is unused, and must remain 0. */
144 strdata[1] = cpu_to_fdt32(string_size);
146 ret = fdt_setprop(fit, noffset, "hashed-strings",
147 strdata, sizeof(strdata));
154 static int fit_image_setup_sig(struct image_sign_info *info,
155 const char *keydir, void *fit, const char *image_name,
156 int noffset, const char *require_keys, const char *engine_id)
158 const char *node_name;
161 node_name = fit_get_name(fit, noffset, NULL);
162 if (fit_image_hash_get_algo(fit, noffset, &algo_name)) {
163 printf("Can't get algo property for '%s' signature node in '%s' image node\n",
164 node_name, image_name);
168 memset(info, '\0', sizeof(*info));
169 info->keydir = keydir;
170 info->keyname = fdt_getprop(fit, noffset, "key-name-hint", NULL);
172 info->node_offset = noffset;
173 info->name = strdup(algo_name);
174 info->checksum = image_get_checksum_algo(algo_name);
175 info->crypto = image_get_crypto_algo(algo_name);
176 info->require_keys = require_keys;
177 info->engine_id = engine_id;
178 if (!info->checksum || !info->crypto) {
179 printf("Unsupported signature algorithm (%s) for '%s' signature node in '%s' image node\n",
180 algo_name, node_name, image_name);
188 * fit_image_process_sig- Process a single subnode of the images/ node
190 * Check each subnode and process accordingly. For signature nodes we
191 * generate a signed hash of the supplised data and store it in the node.
193 * @keydir: Directory containing keys to use for signing
194 * @keydest: Destination FDT blob to write public keys into
195 * @fit: pointer to the FIT format image header
196 * @image_name: name of image being processes (used to display errors)
197 * @noffset: subnode offset
198 * @data: data to process
199 * @size: size of data in bytes
200 * @comment: Comment to add to signature nodes
201 * @require_keys: Mark all keys as 'required'
202 * @engine_id: Engine to use for signing
203 * @return 0 if ok, -1 on error
205 static int fit_image_process_sig(const char *keydir, void *keydest,
206 void *fit, const char *image_name,
207 int noffset, const void *data, size_t size,
208 const char *comment, int require_keys, const char *engine_id,
211 struct image_sign_info info;
212 struct image_region region;
213 const char *node_name;
218 if (fit_image_setup_sig(&info, keydir, fit, image_name, noffset,
219 require_keys ? "image" : NULL, engine_id))
222 node_name = fit_get_name(fit, noffset, NULL);
225 ret = info.crypto->sign(&info, ®ion, 1, &value, &value_len);
227 printf("Failed to sign '%s' signature node in '%s' image node: %d\n",
228 node_name, image_name, ret);
230 /* We allow keys to be missing */
236 ret = fit_image_write_sig(fit, noffset, value, value_len, comment,
239 if (ret == -FDT_ERR_NOSPACE)
241 printf("Can't write signature for '%s' signature node in '%s' conf node: %s\n",
242 node_name, image_name, fdt_strerror(ret));
247 /* Get keyname again, as FDT has changed and invalidated our pointer */
248 info.keyname = fdt_getprop(fit, noffset, "key-name-hint", NULL);
251 * Write the public key into the supplied FDT file; this might fail
252 * several times, since we try signing with successively increasing
256 ret = info.crypto->add_verify_data(&info, keydest);
258 printf("Failed to add verification data for '%s' signature node in '%s' image node\n",
259 node_name, image_name);
268 * fit_image_add_verification_data() - calculate/set verig. data for image node
270 * This adds hash and signature values for an component image node.
272 * All existing hash subnodes are checked, if algorithm property is set to
273 * one of the supported hash algorithms, hash value is computed and
274 * corresponding hash node property is set, for example:
276 * Input component image node structure:
278 * o image-1 (at image_noffset)
279 * | - data = [binary data]
283 * Output component image node structure:
285 * o image-1 (at image_noffset)
286 * | - data = [binary data]
289 * |- value = sha1(data)
291 * For signature details, please see doc/uImage.FIT/signature.txt
293 * @keydir Directory containing *.key and *.crt files (or NULL)
294 * @keydest FDT Blob to write public keys into (NULL if none)
295 * @fit: Pointer to the FIT format image header
296 * @image_noffset: Requested component image node
297 * @comment: Comment to add to signature nodes
298 * @require_keys: Mark all keys as 'required'
299 * @engine_id: Engine to use for signing
300 * @return: 0 on success, <0 on failure
302 int fit_image_add_verification_data(const char *keydir, void *keydest,
303 void *fit, int image_noffset, const char *comment,
304 int require_keys, const char *engine_id, const char *cmdname)
306 const char *image_name;
311 /* Get image data and data length */
312 if (fit_image_get_data(fit, image_noffset, &data, &size)) {
313 printf("Can't get image data/size\n");
317 image_name = fit_get_name(fit, image_noffset, NULL);
319 /* Process all hash subnodes of the component image node */
320 for (noffset = fdt_first_subnode(fit, image_noffset);
322 noffset = fdt_next_subnode(fit, noffset)) {
323 const char *node_name;
327 * Check subnode name, must be equal to "hash" or "signature".
328 * Multiple hash nodes require unique unit node
329 * names, e.g. hash-1, hash-2, signature-1, etc.
331 node_name = fit_get_name(fit, noffset, NULL);
332 if (!strncmp(node_name, FIT_HASH_NODENAME,
333 strlen(FIT_HASH_NODENAME))) {
334 ret = fit_image_process_hash(fit, image_name, noffset,
336 } else if (IMAGE_ENABLE_SIGN && keydir &&
337 !strncmp(node_name, FIT_SIG_NODENAME,
338 strlen(FIT_SIG_NODENAME))) {
339 ret = fit_image_process_sig(keydir, keydest,
340 fit, image_name, noffset, data, size,
341 comment, require_keys, engine_id, cmdname);
355 static void strlist_init(struct strlist *list)
357 memset(list, '\0', sizeof(*list));
360 static void strlist_free(struct strlist *list)
364 for (i = 0; i < list->count; i++)
365 free(list->strings[i]);
369 static int strlist_add(struct strlist *list, const char *str)
374 list->strings = realloc(list->strings,
375 (list->count + 1) * sizeof(char *));
378 list->strings[list->count++] = dup;
383 static const char *fit_config_get_image_list(void *fit, int noffset,
384 int *lenp, int *allow_missingp)
386 static const char default_list[] = FIT_KERNEL_PROP "\0"
390 /* If there is an "image" property, use that */
391 prop = fdt_getprop(fit, noffset, "sign-images", lenp);
394 return *lenp ? prop : NULL;
397 /* Default image list */
399 *lenp = sizeof(default_list);
404 static int fit_config_get_hash_list(void *fit, int conf_noffset,
405 int sig_offset, struct strlist *node_inc)
408 const char *prop, *iname, *end;
409 const char *conf_name, *sig_name;
410 char name[200], path[200];
414 conf_name = fit_get_name(fit, conf_noffset, NULL);
415 sig_name = fit_get_name(fit, sig_offset, NULL);
418 * Build a list of nodes we need to hash. We always need the root
419 * node and the configuration.
421 strlist_init(node_inc);
422 snprintf(name, sizeof(name), "%s/%s", FIT_CONFS_PATH, conf_name);
423 if (strlist_add(node_inc, "/") ||
424 strlist_add(node_inc, name))
427 /* Get a list of images that we intend to sign */
428 prop = fit_config_get_image_list(fit, sig_offset, &len,
433 /* Locate the images */
436 for (iname = prop; iname < end; iname += strlen(iname) + 1) {
441 image_noffset = fit_conf_get_prop_node(fit, conf_noffset,
443 if (image_noffset < 0) {
444 printf("Failed to find image '%s' in configuration '%s/%s'\n",
445 iname, conf_name, sig_name);
452 ret = fdt_get_path(fit, image_noffset, path, sizeof(path));
455 if (strlist_add(node_inc, path))
458 snprintf(name, sizeof(name), "%s/%s", FIT_CONFS_PATH,
461 /* Add all this image's hashes */
463 for (noffset = fdt_first_subnode(fit, image_noffset);
465 noffset = fdt_next_subnode(fit, noffset)) {
466 const char *name = fit_get_name(fit, noffset, NULL);
468 if (strncmp(name, FIT_HASH_NODENAME,
469 strlen(FIT_HASH_NODENAME)))
471 ret = fdt_get_path(fit, noffset, path, sizeof(path));
474 if (strlist_add(node_inc, path))
480 printf("Failed to find any hash nodes in configuration '%s/%s' image '%s' - without these it is not possible to verify this image\n",
481 conf_name, sig_name, iname);
489 printf("Failed to find any images for configuration '%s/%s'\n",
490 conf_name, sig_name);
497 printf("Out of memory processing configuration '%s/%s'\n", conf_name,
502 printf("Failed to get path for image '%s' in configuration '%s/%s': %s\n",
503 iname, conf_name, sig_name, fdt_strerror(ret));
507 static int fit_config_get_data(void *fit, int conf_noffset, int noffset,
508 struct image_region **regionp, int *region_countp,
509 char **region_propp, int *region_proplen)
511 char * const exc_prop[] = {"data"};
512 struct strlist node_inc;
513 struct image_region *region;
514 struct fdt_region fdt_regions[100];
515 const char *conf_name, *sig_name;
521 conf_name = fit_get_name(fit, conf_noffset, NULL);
522 sig_name = fit_get_name(fit, noffset, NULL);
523 debug("%s: conf='%s', sig='%s'\n", __func__, conf_name, sig_name);
525 /* Get a list of nodes we want to hash */
526 ret = fit_config_get_hash_list(fit, conf_noffset, noffset, &node_inc);
530 /* Get a list of regions to hash */
531 count = fdt_find_regions(fit, node_inc.strings, node_inc.count,
532 exc_prop, ARRAY_SIZE(exc_prop),
533 fdt_regions, ARRAY_SIZE(fdt_regions),
534 path, sizeof(path), 1);
536 printf("Failed to hash configuration '%s/%s': %s\n", conf_name,
537 sig_name, fdt_strerror(ret));
541 printf("No data to hash for configuration '%s/%s': %s\n",
542 conf_name, sig_name, fdt_strerror(ret));
546 /* Build our list of data blocks */
547 region = fit_region_make_list(fit, fdt_regions, count, NULL);
549 printf("Out of memory hashing configuration '%s/%s'\n",
550 conf_name, sig_name);
554 /* Create a list of all hashed properties */
555 debug("Hash nodes:\n");
556 for (i = len = 0; i < node_inc.count; i++) {
557 debug(" %s\n", node_inc.strings[i]);
558 len += strlen(node_inc.strings[i]) + 1;
560 region_prop = malloc(len);
562 printf("Out of memory setting up regions for configuration '%s/%s'\n",
563 conf_name, sig_name);
566 for (i = len = 0; i < node_inc.count;
567 len += strlen(node_inc.strings[i]) + 1, i++)
568 strcpy(region_prop + len, node_inc.strings[i]);
569 strlist_free(&node_inc);
571 *region_countp = count;
573 *region_propp = region_prop;
574 *region_proplen = len;
579 static int fit_config_process_sig(const char *keydir, void *keydest,
580 void *fit, const char *conf_name, int conf_noffset,
581 int noffset, const char *comment, int require_keys,
582 const char *engine_id, const char *cmdname)
584 struct image_sign_info info;
585 const char *node_name;
586 struct image_region *region;
594 node_name = fit_get_name(fit, noffset, NULL);
595 if (fit_config_get_data(fit, conf_noffset, noffset, ®ion,
596 ®ion_count, ®ion_prop, ®ion_proplen))
599 if (fit_image_setup_sig(&info, keydir, fit, conf_name, noffset,
600 require_keys ? "conf" : NULL, engine_id))
603 ret = info.crypto->sign(&info, region, region_count, &value,
607 printf("Failed to sign '%s' signature node in '%s' conf node\n",
608 node_name, conf_name);
610 /* We allow keys to be missing */
616 ret = fit_image_write_sig(fit, noffset, value, value_len, comment,
617 region_prop, region_proplen, cmdname);
619 if (ret == -FDT_ERR_NOSPACE)
621 printf("Can't write signature for '%s' signature node in '%s' conf node: %s\n",
622 node_name, conf_name, fdt_strerror(ret));
628 /* Get keyname again, as FDT has changed and invalidated our pointer */
629 info.keyname = fdt_getprop(fit, noffset, "key-name-hint", NULL);
631 /* Write the public key into the supplied FDT file */
633 ret = info.crypto->add_verify_data(&info, keydest);
635 printf("Failed to add verification data for '%s' signature node in '%s' configuration node\n",
636 node_name, conf_name);
644 static int fit_config_add_verification_data(const char *keydir, void *keydest,
645 void *fit, int conf_noffset, const char *comment,
646 int require_keys, const char *engine_id, const char *cmdname)
648 const char *conf_name;
651 conf_name = fit_get_name(fit, conf_noffset, NULL);
653 /* Process all hash subnodes of the configuration node */
654 for (noffset = fdt_first_subnode(fit, conf_noffset);
656 noffset = fdt_next_subnode(fit, noffset)) {
657 const char *node_name;
660 node_name = fit_get_name(fit, noffset, NULL);
661 if (!strncmp(node_name, FIT_SIG_NODENAME,
662 strlen(FIT_SIG_NODENAME))) {
663 ret = fit_config_process_sig(keydir, keydest,
664 fit, conf_name, conf_noffset, noffset, comment,
665 require_keys, engine_id, cmdname);
674 int fit_add_verification_data(const char *keydir, void *keydest, void *fit,
675 const char *comment, int require_keys,
676 const char *engine_id, const char *cmdname)
678 int images_noffset, confs_noffset;
682 /* Find images parent node offset */
683 images_noffset = fdt_path_offset(fit, FIT_IMAGES_PATH);
684 if (images_noffset < 0) {
685 printf("Can't find images parent node '%s' (%s)\n",
686 FIT_IMAGES_PATH, fdt_strerror(images_noffset));
687 return images_noffset;
690 /* Process its subnodes, print out component images details */
691 for (noffset = fdt_first_subnode(fit, images_noffset);
693 noffset = fdt_next_subnode(fit, noffset)) {
695 * Direct child node of the images parent node,
696 * i.e. component image node.
698 ret = fit_image_add_verification_data(keydir, keydest,
699 fit, noffset, comment, require_keys, engine_id,
705 /* If there are no keys, we can't sign configurations */
706 if (!IMAGE_ENABLE_SIGN || !keydir)
709 /* Find configurations parent node offset */
710 confs_noffset = fdt_path_offset(fit, FIT_CONFS_PATH);
711 if (confs_noffset < 0) {
712 printf("Can't find images parent node '%s' (%s)\n",
713 FIT_CONFS_PATH, fdt_strerror(confs_noffset));
717 /* Process its subnodes, print out component images details */
718 for (noffset = fdt_first_subnode(fit, confs_noffset);
720 noffset = fdt_next_subnode(fit, noffset)) {
721 ret = fit_config_add_verification_data(keydir, keydest,
722 fit, noffset, comment,
732 #ifdef CONFIG_FIT_SIGNATURE
733 int fit_check_sign(const void *fit, const void *key)
738 cfg_noffset = fit_conf_get_node(fit, NULL);
742 printf("Verifying Hash Integrity ... ");
743 ret = fit_config_verify(fit, cfg_noffset);
746 ret = bootm_host_load_images(fit, cfg_noffset);
projects / platform / kernel / u-boot.git / blob