tools: imx8image: set dcd_skip to true
[platform/kernel/u-boot.git] / tools / kwbimage.c
1 // SPDX-License-Identifier: GPL-2.0+
2 /*
3  * Image manipulator for Marvell SoCs
4  *  supports Kirkwood, Dove, Armada 370, Armada XP, and Armada 38x
5  *
6  * (C) Copyright 2013 Thomas Petazzoni
7  * <thomas.petazzoni@free-electrons.com>
8  *
9  * Not implemented: support for the register headers in v1 images
10  */
11
12 #include "imagetool.h"
13 #include <limits.h>
14 #include <image.h>
15 #include <stdarg.h>
16 #include <stdint.h>
17 #include "kwbimage.h"
18
19 #ifdef CONFIG_KWB_SECURE
20 #include <openssl/bn.h>
21 #include <openssl/rsa.h>
22 #include <openssl/pem.h>
23 #include <openssl/err.h>
24 #include <openssl/evp.h>
25
26 #if OPENSSL_VERSION_NUMBER < 0x10100000L || \
27     (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
28 static void RSA_get0_key(const RSA *r,
29                  const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
30 {
31    if (n != NULL)
32        *n = r->n;
33    if (e != NULL)
34        *e = r->e;
35    if (d != NULL)
36        *d = r->d;
37 }
38
39 #elif !defined(LIBRESSL_VERSION_NUMBER)
40 void EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
41 {
42         EVP_MD_CTX_reset(ctx);
43 }
44 #endif
45 #endif
46
47 static struct image_cfg_element *image_cfg;
48 static int cfgn;
49 #ifdef CONFIG_KWB_SECURE
50 static int verbose_mode;
51 #endif
52
53 struct boot_mode {
54         unsigned int id;
55         const char *name;
56 };
57
58 /*
59  * SHA2-256 hash
60  */
61 struct hash_v1 {
62         uint8_t hash[32];
63 };
64
65 struct boot_mode boot_modes[] = {
66         { 0x4D, "i2c"  },
67         { 0x5A, "spi"  },
68         { 0x8B, "nand" },
69         { 0x78, "sata" },
70         { 0x9C, "pex"  },
71         { 0x69, "uart" },
72         { 0xAE, "sdio" },
73         {},
74 };
75
76 struct nand_ecc_mode {
77         unsigned int id;
78         const char *name;
79 };
80
81 struct nand_ecc_mode nand_ecc_modes[] = {
82         { 0x00, "default" },
83         { 0x01, "hamming" },
84         { 0x02, "rs" },
85         { 0x03, "disabled" },
86         {},
87 };
88
89 /* Used to identify an undefined execution or destination address */
90 #define ADDR_INVALID ((uint32_t)-1)
91
92 #define BINARY_MAX_ARGS 8
93
94 /* In-memory representation of a line of the configuration file */
95
96 enum image_cfg_type {
97         IMAGE_CFG_VERSION = 0x1,
98         IMAGE_CFG_BOOT_FROM,
99         IMAGE_CFG_DEST_ADDR,
100         IMAGE_CFG_EXEC_ADDR,
101         IMAGE_CFG_NAND_BLKSZ,
102         IMAGE_CFG_NAND_BADBLK_LOCATION,
103         IMAGE_CFG_NAND_ECC_MODE,
104         IMAGE_CFG_NAND_PAGESZ,
105         IMAGE_CFG_BINARY,
106         IMAGE_CFG_PAYLOAD,
107         IMAGE_CFG_DATA,
108         IMAGE_CFG_BAUDRATE,
109         IMAGE_CFG_DEBUG,
110         IMAGE_CFG_KAK,
111         IMAGE_CFG_CSK,
112         IMAGE_CFG_CSK_INDEX,
113         IMAGE_CFG_JTAG_DELAY,
114         IMAGE_CFG_BOX_ID,
115         IMAGE_CFG_FLASH_ID,
116         IMAGE_CFG_SEC_COMMON_IMG,
117         IMAGE_CFG_SEC_SPECIALIZED_IMG,
118         IMAGE_CFG_SEC_BOOT_DEV,
119         IMAGE_CFG_SEC_FUSE_DUMP,
120
121         IMAGE_CFG_COUNT
122 } type;
123
124 static const char * const id_strs[] = {
125         [IMAGE_CFG_VERSION] = "VERSION",
126         [IMAGE_CFG_BOOT_FROM] = "BOOT_FROM",
127         [IMAGE_CFG_DEST_ADDR] = "DEST_ADDR",
128         [IMAGE_CFG_EXEC_ADDR] = "EXEC_ADDR",
129         [IMAGE_CFG_NAND_BLKSZ] = "NAND_BLKSZ",
130         [IMAGE_CFG_NAND_BADBLK_LOCATION] = "NAND_BADBLK_LOCATION",
131         [IMAGE_CFG_NAND_ECC_MODE] = "NAND_ECC_MODE",
132         [IMAGE_CFG_NAND_PAGESZ] = "NAND_PAGE_SIZE",
133         [IMAGE_CFG_BINARY] = "BINARY",
134         [IMAGE_CFG_PAYLOAD] = "PAYLOAD",
135         [IMAGE_CFG_DATA] = "DATA",
136         [IMAGE_CFG_BAUDRATE] = "BAUDRATE",
137         [IMAGE_CFG_DEBUG] = "DEBUG",
138         [IMAGE_CFG_KAK] = "KAK",
139         [IMAGE_CFG_CSK] = "CSK",
140         [IMAGE_CFG_CSK_INDEX] = "CSK_INDEX",
141         [IMAGE_CFG_JTAG_DELAY] = "JTAG_DELAY",
142         [IMAGE_CFG_BOX_ID] = "BOX_ID",
143         [IMAGE_CFG_FLASH_ID] = "FLASH_ID",
144         [IMAGE_CFG_SEC_COMMON_IMG] = "SEC_COMMON_IMG",
145         [IMAGE_CFG_SEC_SPECIALIZED_IMG] = "SEC_SPECIALIZED_IMG",
146         [IMAGE_CFG_SEC_BOOT_DEV] = "SEC_BOOT_DEV",
147         [IMAGE_CFG_SEC_FUSE_DUMP] = "SEC_FUSE_DUMP"
148 };
149
150 struct image_cfg_element {
151         enum image_cfg_type type;
152         union {
153                 unsigned int version;
154                 unsigned int bootfrom;
155                 struct {
156                         const char *file;
157                         unsigned int args[BINARY_MAX_ARGS];
158                         unsigned int nargs;
159                 } binary;
160                 const char *payload;
161                 unsigned int dstaddr;
162                 unsigned int execaddr;
163                 unsigned int nandblksz;
164                 unsigned int nandbadblklocation;
165                 unsigned int nandeccmode;
166                 unsigned int nandpagesz;
167                 struct ext_hdr_v0_reg regdata;
168                 unsigned int baudrate;
169                 unsigned int debug;
170                 const char *key_name;
171                 int csk_idx;
172                 uint8_t jtag_delay;
173                 uint32_t boxid;
174                 uint32_t flashid;
175                 bool sec_specialized_img;
176                 unsigned int sec_boot_dev;
177                 const char *name;
178         };
179 };
180
181 #define IMAGE_CFG_ELEMENT_MAX 256
182
183 /*
184  * Utility functions to manipulate boot mode and ecc modes (convert
185  * them back and forth between description strings and the
186  * corresponding numerical identifiers).
187  */
188
189 static const char *image_boot_mode_name(unsigned int id)
190 {
191         int i;
192
193         for (i = 0; boot_modes[i].name; i++)
194                 if (boot_modes[i].id == id)
195                         return boot_modes[i].name;
196         return NULL;
197 }
198
199 int image_boot_mode_id(const char *boot_mode_name)
200 {
201         int i;
202
203         for (i = 0; boot_modes[i].name; i++)
204                 if (!strcmp(boot_modes[i].name, boot_mode_name))
205                         return boot_modes[i].id;
206
207         return -1;
208 }
209
210 int image_nand_ecc_mode_id(const char *nand_ecc_mode_name)
211 {
212         int i;
213
214         for (i = 0; nand_ecc_modes[i].name; i++)
215                 if (!strcmp(nand_ecc_modes[i].name, nand_ecc_mode_name))
216                         return nand_ecc_modes[i].id;
217         return -1;
218 }
219
220 static struct image_cfg_element *
221 image_find_option(unsigned int optiontype)
222 {
223         int i;
224
225         for (i = 0; i < cfgn; i++) {
226                 if (image_cfg[i].type == optiontype)
227                         return &image_cfg[i];
228         }
229
230         return NULL;
231 }
232
233 static unsigned int
234 image_count_options(unsigned int optiontype)
235 {
236         int i;
237         unsigned int count = 0;
238
239         for (i = 0; i < cfgn; i++)
240                 if (image_cfg[i].type == optiontype)
241                         count++;
242
243         return count;
244 }
245
246 #if defined(CONFIG_KWB_SECURE)
247
248 static int image_get_csk_index(void)
249 {
250         struct image_cfg_element *e;
251
252         e = image_find_option(IMAGE_CFG_CSK_INDEX);
253         if (!e)
254                 return -1;
255
256         return e->csk_idx;
257 }
258
259 static bool image_get_spezialized_img(void)
260 {
261         struct image_cfg_element *e;
262
263         e = image_find_option(IMAGE_CFG_SEC_SPECIALIZED_IMG);
264         if (!e)
265                 return false;
266
267         return e->sec_specialized_img;
268 }
269
270 #endif
271
272 /*
273  * Compute a 8-bit checksum of a memory area. This algorithm follows
274  * the requirements of the Marvell SoC BootROM specifications.
275  */
276 static uint8_t image_checksum8(void *start, uint32_t len)
277 {
278         uint8_t csum = 0;
279         uint8_t *p = start;
280
281         /* check len and return zero checksum if invalid */
282         if (!len)
283                 return 0;
284
285         do {
286                 csum += *p;
287                 p++;
288         } while (--len);
289
290         return csum;
291 }
292
293 size_t kwbimage_header_size(unsigned char *ptr)
294 {
295         if (image_version((void *)ptr) == 0)
296                 return sizeof(struct main_hdr_v0);
297         else
298                 return KWBHEADER_V1_SIZE((struct main_hdr_v1 *)ptr);
299 }
300
301 /*
302  * Verify checksum over a complete header that includes the checksum field.
303  * Return 1 when OK, otherwise 0.
304  */
305 static int main_hdr_checksum_ok(void *hdr)
306 {
307         /* Offsets of checksum in v0 and v1 headers are the same */
308         struct main_hdr_v0 *main_hdr = (struct main_hdr_v0 *)hdr;
309         uint8_t checksum;
310
311         checksum = image_checksum8(hdr, kwbimage_header_size(hdr));
312         /* Calculated checksum includes the header checksum field. Compensate
313          * for that.
314          */
315         checksum -= main_hdr->checksum;
316
317         return checksum == main_hdr->checksum;
318 }
319
320 static uint32_t image_checksum32(void *start, uint32_t len)
321 {
322         uint32_t csum = 0;
323         uint32_t *p = start;
324
325         /* check len and return zero checksum if invalid */
326         if (!len)
327                 return 0;
328
329         if (len % sizeof(uint32_t)) {
330                 fprintf(stderr, "Length %d is not in multiple of %zu\n",
331                         len, sizeof(uint32_t));
332                 return 0;
333         }
334
335         do {
336                 csum += *p;
337                 p++;
338                 len -= sizeof(uint32_t);
339         } while (len > 0);
340
341         return csum;
342 }
343
344 static uint8_t baudrate_to_option(unsigned int baudrate)
345 {
346         switch (baudrate) {
347         case 2400:
348                 return MAIN_HDR_V1_OPT_BAUD_2400;
349         case 4800:
350                 return MAIN_HDR_V1_OPT_BAUD_4800;
351         case 9600:
352                 return MAIN_HDR_V1_OPT_BAUD_9600;
353         case 19200:
354                 return MAIN_HDR_V1_OPT_BAUD_19200;
355         case 38400:
356                 return MAIN_HDR_V1_OPT_BAUD_38400;
357         case 57600:
358                 return MAIN_HDR_V1_OPT_BAUD_57600;
359         case 115200:
360                 return MAIN_HDR_V1_OPT_BAUD_115200;
361         default:
362                 return MAIN_HDR_V1_OPT_BAUD_DEFAULT;
363         }
364 }
365
366 #if defined(CONFIG_KWB_SECURE)
367 static void kwb_msg(const char *fmt, ...)
368 {
369         if (verbose_mode) {
370                 va_list ap;
371
372                 va_start(ap, fmt);
373                 vfprintf(stdout, fmt, ap);
374                 va_end(ap);
375         }
376 }
377
378 static int openssl_err(const char *msg)
379 {
380         unsigned long ssl_err = ERR_get_error();
381
382         fprintf(stderr, "%s", msg);
383         fprintf(stderr, ": %s\n",
384                 ERR_error_string(ssl_err, 0));
385
386         return -1;
387 }
388
389 static int kwb_load_rsa_key(const char *keydir, const char *name, RSA **p_rsa)
390 {
391         char path[PATH_MAX];
392         RSA *rsa;
393         FILE *f;
394
395         if (!keydir)
396                 keydir = ".";
397
398         snprintf(path, sizeof(path), "%s/%s.key", keydir, name);
399         f = fopen(path, "r");
400         if (!f) {
401                 fprintf(stderr, "Couldn't open RSA private key: '%s': %s\n",
402                         path, strerror(errno));
403                 return -ENOENT;
404         }
405
406         rsa = PEM_read_RSAPrivateKey(f, 0, NULL, "");
407         if (!rsa) {
408                 openssl_err("Failure reading private key");
409                 fclose(f);
410                 return -EPROTO;
411         }
412         fclose(f);
413         *p_rsa = rsa;
414
415         return 0;
416 }
417
418 static int kwb_load_cfg_key(struct image_tool_params *params,
419                             unsigned int cfg_option, const char *key_name,
420                             RSA **p_key)
421 {
422         struct image_cfg_element *e_key;
423         RSA *key;
424         int res;
425
426         *p_key = NULL;
427
428         e_key = image_find_option(cfg_option);
429         if (!e_key) {
430                 fprintf(stderr, "%s not configured\n", key_name);
431                 return -ENOENT;
432         }
433
434         res = kwb_load_rsa_key(params->keydir, e_key->key_name, &key);
435         if (res < 0) {
436                 fprintf(stderr, "Failed to load %s\n", key_name);
437                 return -ENOENT;
438         }
439
440         *p_key = key;
441
442         return 0;
443 }
444
445 static int kwb_load_kak(struct image_tool_params *params, RSA **p_kak)
446 {
447         return kwb_load_cfg_key(params, IMAGE_CFG_KAK, "KAK", p_kak);
448 }
449
450 static int kwb_load_csk(struct image_tool_params *params, RSA **p_csk)
451 {
452         return kwb_load_cfg_key(params, IMAGE_CFG_CSK, "CSK", p_csk);
453 }
454
455 static int kwb_compute_pubkey_hash(struct pubkey_der_v1 *pk,
456                                    struct hash_v1 *hash)
457 {
458         EVP_MD_CTX *ctx;
459         unsigned int key_size;
460         unsigned int hash_size;
461         int ret = 0;
462
463         if (!pk || !hash || pk->key[0] != 0x30 || pk->key[1] != 0x82)
464                 return -EINVAL;
465
466         key_size = (pk->key[2] << 8) + pk->key[3] + 4;
467
468         ctx = EVP_MD_CTX_create();
469         if (!ctx)
470                 return openssl_err("EVP context creation failed");
471
472         EVP_MD_CTX_init(ctx);
473         if (!EVP_DigestInit(ctx, EVP_sha256())) {
474                 ret = openssl_err("Digest setup failed");
475                 goto hash_err_ctx;
476         }
477
478         if (!EVP_DigestUpdate(ctx, pk->key, key_size)) {
479                 ret = openssl_err("Hashing data failed");
480                 goto hash_err_ctx;
481         }
482
483         if (!EVP_DigestFinal(ctx, hash->hash, &hash_size)) {
484                 ret = openssl_err("Could not obtain hash");
485                 goto hash_err_ctx;
486         }
487
488         EVP_MD_CTX_cleanup(ctx);
489
490 hash_err_ctx:
491         EVP_MD_CTX_destroy(ctx);
492         return ret;
493 }
494
495 static int kwb_import_pubkey(RSA **key, struct pubkey_der_v1 *src, char *keyname)
496 {
497         RSA *rsa;
498         const unsigned char *ptr;
499
500         if (!key || !src)
501                 goto fail;
502
503         ptr = src->key;
504         rsa = d2i_RSAPublicKey(key, &ptr, sizeof(src->key));
505         if (!rsa) {
506                 openssl_err("error decoding public key");
507                 goto fail;
508         }
509
510         return 0;
511 fail:
512         fprintf(stderr, "Failed to decode %s pubkey\n", keyname);
513         return -EINVAL;
514 }
515
516 static int kwb_export_pubkey(RSA *key, struct pubkey_der_v1 *dst, FILE *hashf,
517                              char *keyname)
518 {
519         int size_exp, size_mod, size_seq;
520         const BIGNUM *key_e, *key_n;
521         uint8_t *cur;
522         char *errmsg = "Failed to encode %s\n";
523
524         RSA_get0_key(key, NULL, &key_e, NULL);
525         RSA_get0_key(key, &key_n, NULL, NULL);
526
527         if (!key || !key_e || !key_n || !dst) {
528                 fprintf(stderr, "export pk failed: (%p, %p, %p, %p)",
529                         key, key_e, key_n, dst);
530                 fprintf(stderr, errmsg, keyname);
531                 return -EINVAL;
532         }
533
534         /*
535          * According to the specs, the key should be PKCS#1 DER encoded.
536          * But unfortunately the really required encoding seems to be different;
537          * it violates DER...! (But it still conformes to BER.)
538          * (Length always in long form w/ 2 byte length code; no leading zero
539          * when MSB of first byte is set...)
540          * So we cannot use the encoding func provided by OpenSSL and have to
541          * do the encoding manually.
542          */
543
544         size_exp = BN_num_bytes(key_e);
545         size_mod = BN_num_bytes(key_n);
546         size_seq = 4 + size_mod + 4 + size_exp;
547
548         if (size_mod > 256) {
549                 fprintf(stderr, "export pk failed: wrong mod size: %d\n",
550                         size_mod);
551                 fprintf(stderr, errmsg, keyname);
552                 return -EINVAL;
553         }
554
555         if (4 + size_seq > sizeof(dst->key)) {
556                 fprintf(stderr, "export pk failed: seq too large (%d, %lu)\n",
557                         4 + size_seq, sizeof(dst->key));
558                 fprintf(stderr, errmsg, keyname);
559                 return -ENOBUFS;
560         }
561
562         cur = dst->key;
563
564         /* PKCS#1 (RFC3447) RSAPublicKey structure */
565         *cur++ = 0x30;          /* SEQUENCE */
566         *cur++ = 0x82;
567         *cur++ = (size_seq >> 8) & 0xFF;
568         *cur++ = size_seq & 0xFF;
569         /* Modulus */
570         *cur++ = 0x02;          /* INTEGER */
571         *cur++ = 0x82;
572         *cur++ = (size_mod >> 8) & 0xFF;
573         *cur++ = size_mod & 0xFF;
574         BN_bn2bin(key_n, cur);
575         cur += size_mod;
576         /* Exponent */
577         *cur++ = 0x02;          /* INTEGER */
578         *cur++ = 0x82;
579         *cur++ = (size_exp >> 8) & 0xFF;
580         *cur++ = size_exp & 0xFF;
581         BN_bn2bin(key_e, cur);
582
583         if (hashf) {
584                 struct hash_v1 pk_hash;
585                 int i;
586                 int ret = 0;
587
588                 ret = kwb_compute_pubkey_hash(dst, &pk_hash);
589                 if (ret < 0) {
590                         fprintf(stderr, errmsg, keyname);
591                         return ret;
592                 }
593
594                 fprintf(hashf, "SHA256 = ");
595                 for (i = 0 ; i < sizeof(pk_hash.hash); ++i)
596                         fprintf(hashf, "%02X", pk_hash.hash[i]);
597                 fprintf(hashf, "\n");
598         }
599
600         return 0;
601 }
602
603 int kwb_sign(RSA *key, void *data, int datasz, struct sig_v1 *sig, char *signame)
604 {
605         EVP_PKEY *evp_key;
606         EVP_MD_CTX *ctx;
607         unsigned int sig_size;
608         int size;
609         int ret = 0;
610
611         evp_key = EVP_PKEY_new();
612         if (!evp_key)
613                 return openssl_err("EVP_PKEY object creation failed");
614
615         if (!EVP_PKEY_set1_RSA(evp_key, key)) {
616                 ret = openssl_err("EVP key setup failed");
617                 goto err_key;
618         }
619
620         size = EVP_PKEY_size(evp_key);
621         if (size > sizeof(sig->sig)) {
622                 fprintf(stderr, "Buffer to small for signature (%d bytes)\n",
623                         size);
624                 ret = -ENOBUFS;
625                 goto err_key;
626         }
627
628         ctx = EVP_MD_CTX_create();
629         if (!ctx) {
630                 ret = openssl_err("EVP context creation failed");
631                 goto err_key;
632         }
633         EVP_MD_CTX_init(ctx);
634         if (!EVP_SignInit(ctx, EVP_sha256())) {
635                 ret = openssl_err("Signer setup failed");
636                 goto err_ctx;
637         }
638
639         if (!EVP_SignUpdate(ctx, data, datasz)) {
640                 ret = openssl_err("Signing data failed");
641                 goto err_ctx;
642         }
643
644         if (!EVP_SignFinal(ctx, sig->sig, &sig_size, evp_key)) {
645                 ret = openssl_err("Could not obtain signature");
646                 goto err_ctx;
647         }
648
649         EVP_MD_CTX_cleanup(ctx);
650         EVP_MD_CTX_destroy(ctx);
651         EVP_PKEY_free(evp_key);
652
653         return 0;
654
655 err_ctx:
656         EVP_MD_CTX_destroy(ctx);
657 err_key:
658         EVP_PKEY_free(evp_key);
659         fprintf(stderr, "Failed to create %s signature\n", signame);
660         return ret;
661 }
662
663 int kwb_verify(RSA *key, void *data, int datasz, struct sig_v1 *sig,
664                char *signame)
665 {
666         EVP_PKEY *evp_key;
667         EVP_MD_CTX *ctx;
668         int size;
669         int ret = 0;
670
671         evp_key = EVP_PKEY_new();
672         if (!evp_key)
673                 return openssl_err("EVP_PKEY object creation failed");
674
675         if (!EVP_PKEY_set1_RSA(evp_key, key)) {
676                 ret = openssl_err("EVP key setup failed");
677                 goto err_key;
678         }
679
680         size = EVP_PKEY_size(evp_key);
681         if (size > sizeof(sig->sig)) {
682                 fprintf(stderr, "Invalid signature size (%d bytes)\n",
683                         size);
684                 ret = -EINVAL;
685                 goto err_key;
686         }
687
688         ctx = EVP_MD_CTX_create();
689         if (!ctx) {
690                 ret = openssl_err("EVP context creation failed");
691                 goto err_key;
692         }
693         EVP_MD_CTX_init(ctx);
694         if (!EVP_VerifyInit(ctx, EVP_sha256())) {
695                 ret = openssl_err("Verifier setup failed");
696                 goto err_ctx;
697         }
698
699         if (!EVP_VerifyUpdate(ctx, data, datasz)) {
700                 ret = openssl_err("Hashing data failed");
701                 goto err_ctx;
702         }
703
704         if (!EVP_VerifyFinal(ctx, sig->sig, sizeof(sig->sig), evp_key)) {
705                 ret = openssl_err("Could not verify signature");
706                 goto err_ctx;
707         }
708
709         EVP_MD_CTX_cleanup(ctx);
710         EVP_MD_CTX_destroy(ctx);
711         EVP_PKEY_free(evp_key);
712
713         return 0;
714
715 err_ctx:
716         EVP_MD_CTX_destroy(ctx);
717 err_key:
718         EVP_PKEY_free(evp_key);
719         fprintf(stderr, "Failed to verify %s signature\n", signame);
720         return ret;
721 }
722
723 int kwb_sign_and_verify(RSA *key, void *data, int datasz, struct sig_v1 *sig,
724                         char *signame)
725 {
726         if (kwb_sign(key, data, datasz, sig, signame) < 0)
727                 return -1;
728
729         if (kwb_verify(key, data, datasz, sig, signame) < 0)
730                 return -1;
731
732         return 0;
733 }
734
735
736 int kwb_dump_fuse_cmds_38x(FILE *out, struct secure_hdr_v1 *sec_hdr)
737 {
738         struct hash_v1 kak_pub_hash;
739         struct image_cfg_element *e;
740         unsigned int fuse_line;
741         int i, idx;
742         uint8_t *ptr;
743         uint32_t val;
744         int ret = 0;
745
746         if (!out || !sec_hdr)
747                 return -EINVAL;
748
749         ret = kwb_compute_pubkey_hash(&sec_hdr->kak, &kak_pub_hash);
750         if (ret < 0)
751                 goto done;
752
753         fprintf(out, "# burn KAK pub key hash\n");
754         ptr = kak_pub_hash.hash;
755         for (fuse_line = 26; fuse_line <= 30; ++fuse_line) {
756                 fprintf(out, "fuse prog -y %u 0 ", fuse_line);
757
758                 for (i = 4; i-- > 0;)
759                         fprintf(out, "%02hx", (ushort)ptr[i]);
760                 ptr += 4;
761                 fprintf(out, " 00");
762
763                 if (fuse_line < 30) {
764                         for (i = 3; i-- > 0;)
765                                 fprintf(out, "%02hx", (ushort)ptr[i]);
766                         ptr += 3;
767                 } else {
768                         fprintf(out, "000000");
769                 }
770
771                 fprintf(out, " 1\n");
772         }
773
774         fprintf(out, "# burn CSK selection\n");
775
776         idx = image_get_csk_index();
777         if (idx < 0 || idx > 15) {
778                 ret = -EINVAL;
779                 goto done;
780         }
781         if (idx > 0) {
782                 for (fuse_line = 31; fuse_line < 31 + idx; ++fuse_line)
783                         fprintf(out, "fuse prog -y %u 0 00000001 00000000 1\n",
784                                 fuse_line);
785         } else {
786                 fprintf(out, "# CSK index is 0; no mods needed\n");
787         }
788
789         e = image_find_option(IMAGE_CFG_BOX_ID);
790         if (e) {
791                 fprintf(out, "# set box ID\n");
792                 fprintf(out, "fuse prog -y 48 0 %08x 00000000 1\n", e->boxid);
793         }
794
795         e = image_find_option(IMAGE_CFG_FLASH_ID);
796         if (e) {
797                 fprintf(out, "# set flash ID\n");
798                 fprintf(out, "fuse prog -y 47 0 %08x 00000000 1\n", e->flashid);
799         }
800
801         fprintf(out, "# enable secure mode ");
802         fprintf(out, "(must be the last fuse line written)\n");
803
804         val = 1;
805         e = image_find_option(IMAGE_CFG_SEC_BOOT_DEV);
806         if (!e) {
807                 fprintf(stderr, "ERROR: secured mode boot device not given\n");
808                 ret = -EINVAL;
809                 goto done;
810         }
811
812         if (e->sec_boot_dev > 0xff) {
813                 fprintf(stderr, "ERROR: secured mode boot device invalid\n");
814                 ret = -EINVAL;
815                 goto done;
816         }
817
818         val |= (e->sec_boot_dev << 8);
819
820         fprintf(out, "fuse prog -y 24 0 %08x 0103e0a9 1\n", val);
821
822         fprintf(out, "# lock (unused) fuse lines (0-23)s\n");
823         for (fuse_line = 0; fuse_line < 24; ++fuse_line)
824                 fprintf(out, "fuse prog -y %u 2 1\n", fuse_line);
825
826         fprintf(out, "# OK, that's all :-)\n");
827
828 done:
829         return ret;
830 }
831
832 static int kwb_dump_fuse_cmds(struct secure_hdr_v1 *sec_hdr)
833 {
834         int ret = 0;
835         struct image_cfg_element *e;
836
837         e = image_find_option(IMAGE_CFG_SEC_FUSE_DUMP);
838         if (!e)
839                 return 0;
840
841         if (!strcmp(e->name, "a38x")) {
842                 FILE *out = fopen("kwb_fuses_a38x.txt", "w+");
843
844                 kwb_dump_fuse_cmds_38x(out, sec_hdr);
845                 fclose(out);
846                 goto done;
847         }
848
849         ret = -ENOSYS;
850
851 done:
852         return ret;
853 }
854
855 #endif
856
857 static void *image_create_v0(size_t *imagesz, struct image_tool_params *params,
858                              int payloadsz)
859 {
860         struct image_cfg_element *e;
861         size_t headersz;
862         struct main_hdr_v0 *main_hdr;
863         uint8_t *image;
864         int has_ext = 0;
865
866         /*
867          * Calculate the size of the header and the size of the
868          * payload
869          */
870         headersz  = sizeof(struct main_hdr_v0);
871
872         if (image_count_options(IMAGE_CFG_DATA) > 0) {
873                 has_ext = 1;
874                 headersz += sizeof(struct ext_hdr_v0);
875         }
876
877         if (image_count_options(IMAGE_CFG_PAYLOAD) > 1) {
878                 fprintf(stderr, "More than one payload, not possible\n");
879                 return NULL;
880         }
881
882         image = malloc(headersz);
883         if (!image) {
884                 fprintf(stderr, "Cannot allocate memory for image\n");
885                 return NULL;
886         }
887
888         memset(image, 0, headersz);
889
890         main_hdr = (struct main_hdr_v0 *)image;
891
892         /* Fill in the main header */
893         main_hdr->blocksize =
894                 cpu_to_le32(payloadsz + sizeof(uint32_t) - headersz);
895         main_hdr->srcaddr   = cpu_to_le32(headersz);
896         main_hdr->ext       = has_ext;
897         main_hdr->destaddr  = cpu_to_le32(params->addr);
898         main_hdr->execaddr  = cpu_to_le32(params->ep);
899
900         e = image_find_option(IMAGE_CFG_BOOT_FROM);
901         if (e)
902                 main_hdr->blockid = e->bootfrom;
903         e = image_find_option(IMAGE_CFG_NAND_ECC_MODE);
904         if (e)
905                 main_hdr->nandeccmode = e->nandeccmode;
906         e = image_find_option(IMAGE_CFG_NAND_PAGESZ);
907         if (e)
908                 main_hdr->nandpagesize = cpu_to_le16(e->nandpagesz);
909         main_hdr->checksum = image_checksum8(image,
910                                              sizeof(struct main_hdr_v0));
911
912         /* Generate the ext header */
913         if (has_ext) {
914                 struct ext_hdr_v0 *ext_hdr;
915                 int cfgi, datai;
916
917                 ext_hdr = (struct ext_hdr_v0 *)
918                                 (image + sizeof(struct main_hdr_v0));
919                 ext_hdr->offset = cpu_to_le32(0x40);
920
921                 for (cfgi = 0, datai = 0; cfgi < cfgn; cfgi++) {
922                         e = &image_cfg[cfgi];
923                         if (e->type != IMAGE_CFG_DATA)
924                                 continue;
925
926                         ext_hdr->rcfg[datai].raddr =
927                                 cpu_to_le32(e->regdata.raddr);
928                         ext_hdr->rcfg[datai].rdata =
929                                 cpu_to_le32(e->regdata.rdata);
930                         datai++;
931                 }
932
933                 ext_hdr->checksum = image_checksum8(ext_hdr,
934                                                     sizeof(struct ext_hdr_v0));
935         }
936
937         *imagesz = headersz;
938         return image;
939 }
940
941 static size_t image_headersz_v1(int *hasext)
942 {
943         struct image_cfg_element *binarye;
944         size_t headersz;
945
946         /*
947          * Calculate the size of the header and the size of the
948          * payload
949          */
950         headersz = sizeof(struct main_hdr_v1);
951
952         if (image_count_options(IMAGE_CFG_BINARY) > 1) {
953                 fprintf(stderr, "More than one binary blob, not supported\n");
954                 return 0;
955         }
956
957         if (image_count_options(IMAGE_CFG_PAYLOAD) > 1) {
958                 fprintf(stderr, "More than one payload, not possible\n");
959                 return 0;
960         }
961
962         binarye = image_find_option(IMAGE_CFG_BINARY);
963         if (binarye) {
964                 int ret;
965                 struct stat s;
966
967                 ret = stat(binarye->binary.file, &s);
968                 if (ret < 0) {
969                         char cwd[PATH_MAX];
970                         char *dir = cwd;
971
972                         memset(cwd, 0, sizeof(cwd));
973                         if (!getcwd(cwd, sizeof(cwd))) {
974                                 dir = "current working directory";
975                                 perror("getcwd() failed");
976                         }
977
978                         fprintf(stderr,
979                                 "Didn't find the file '%s' in '%s' which is mandatory to generate the image\n"
980                                 "This file generally contains the DDR3 training code, and should be extracted from an existing bootable\n"
981                                 "image for your board. See 'kwbimage -x' to extract it from an existing image.\n",
982                                 binarye->binary.file, dir);
983                         return 0;
984                 }
985
986                 headersz += sizeof(struct opt_hdr_v1) +
987                         s.st_size +
988                         (binarye->binary.nargs + 2) * sizeof(uint32_t);
989                 if (hasext)
990                         *hasext = 1;
991         }
992
993 #if defined(CONFIG_KWB_SECURE)
994         if (image_get_csk_index() >= 0) {
995                 headersz += sizeof(struct secure_hdr_v1);
996                 if (hasext)
997                         *hasext = 1;
998         }
999 #endif
1000
1001 #if defined(CONFIG_SYS_U_BOOT_OFFS)
1002         if (headersz > CONFIG_SYS_U_BOOT_OFFS) {
1003                 fprintf(stderr,
1004                         "Error: Image header (incl. SPL image) too big!\n");
1005                 fprintf(stderr, "header=0x%x CONFIG_SYS_U_BOOT_OFFS=0x%x!\n",
1006                         (int)headersz, CONFIG_SYS_U_BOOT_OFFS);
1007                 fprintf(stderr, "Increase CONFIG_SYS_U_BOOT_OFFS!\n");
1008                 return 0;
1009         }
1010
1011         headersz = CONFIG_SYS_U_BOOT_OFFS;
1012 #endif
1013
1014         /*
1015          * The payload should be aligned on some reasonable
1016          * boundary
1017          */
1018         return ALIGN_SUP(headersz, 4096);
1019 }
1020
1021 int add_binary_header_v1(uint8_t *cur)
1022 {
1023         struct image_cfg_element *binarye;
1024         struct opt_hdr_v1 *hdr = (struct opt_hdr_v1 *)cur;
1025         uint32_t *args;
1026         size_t binhdrsz;
1027         struct stat s;
1028         int argi;
1029         FILE *bin;
1030         int ret;
1031
1032         binarye = image_find_option(IMAGE_CFG_BINARY);
1033
1034         if (!binarye)
1035                 return 0;
1036
1037         hdr->headertype = OPT_HDR_V1_BINARY_TYPE;
1038
1039         bin = fopen(binarye->binary.file, "r");
1040         if (!bin) {
1041                 fprintf(stderr, "Cannot open binary file %s\n",
1042                         binarye->binary.file);
1043                 return -1;
1044         }
1045
1046         if (fstat(fileno(bin), &s)) {
1047                 fprintf(stderr, "Cannot stat binary file %s\n",
1048                         binarye->binary.file);
1049                 goto err_close;
1050         }
1051
1052         binhdrsz = sizeof(struct opt_hdr_v1) +
1053                 (binarye->binary.nargs + 2) * sizeof(uint32_t) +
1054                 s.st_size;
1055
1056         /*
1057          * The size includes the binary image size, rounded
1058          * up to a 4-byte boundary. Plus 4 bytes for the
1059          * next-header byte and 3-byte alignment at the end.
1060          */
1061         binhdrsz = ALIGN_SUP(binhdrsz, 4) + 4;
1062         hdr->headersz_lsb = cpu_to_le16(binhdrsz & 0xFFFF);
1063         hdr->headersz_msb = (binhdrsz & 0xFFFF0000) >> 16;
1064
1065         cur += sizeof(struct opt_hdr_v1);
1066
1067         args = (uint32_t *)cur;
1068         *args = cpu_to_le32(binarye->binary.nargs);
1069         args++;
1070         for (argi = 0; argi < binarye->binary.nargs; argi++)
1071                 args[argi] = cpu_to_le32(binarye->binary.args[argi]);
1072
1073         cur += (binarye->binary.nargs + 1) * sizeof(uint32_t);
1074
1075         ret = fread(cur, s.st_size, 1, bin);
1076         if (ret != 1) {
1077                 fprintf(stderr,
1078                         "Could not read binary image %s\n",
1079                         binarye->binary.file);
1080                 goto err_close;
1081         }
1082
1083         fclose(bin);
1084
1085         cur += ALIGN_SUP(s.st_size, 4);
1086
1087         /*
1088          * For now, we don't support more than one binary
1089          * header, and no other header types are
1090          * supported. So, the binary header is necessarily the
1091          * last one
1092          */
1093         *((uint32_t *)cur) = 0x00000000;
1094
1095         cur += sizeof(uint32_t);
1096
1097         return 0;
1098
1099 err_close:
1100         fclose(bin);
1101
1102         return -1;
1103 }
1104
1105 #if defined(CONFIG_KWB_SECURE)
1106
1107 int export_pub_kak_hash(RSA *kak, struct secure_hdr_v1 *secure_hdr)
1108 {
1109         FILE *hashf;
1110         int res;
1111
1112         hashf = fopen("pub_kak_hash.txt", "w");
1113
1114         res = kwb_export_pubkey(kak, &secure_hdr->kak, hashf, "KAK");
1115
1116         fclose(hashf);
1117
1118         return res < 0 ? 1 : 0;
1119 }
1120
1121 int kwb_sign_csk_with_kak(struct image_tool_params *params,
1122                           struct secure_hdr_v1 *secure_hdr, RSA *csk)
1123 {
1124         RSA *kak = NULL;
1125         RSA *kak_pub = NULL;
1126         int csk_idx = image_get_csk_index();
1127         struct sig_v1 tmp_sig;
1128
1129         if (csk_idx >= 16) {
1130                 fprintf(stderr, "Invalid CSK index %d\n", csk_idx);
1131                 return 1;
1132         }
1133
1134         if (kwb_load_kak(params, &kak) < 0)
1135                 return 1;
1136
1137         if (export_pub_kak_hash(kak, secure_hdr))
1138                 return 1;
1139
1140         if (kwb_import_pubkey(&kak_pub, &secure_hdr->kak, "KAK") < 0)
1141                 return 1;
1142
1143         if (kwb_export_pubkey(csk, &secure_hdr->csk[csk_idx], NULL, "CSK") < 0)
1144                 return 1;
1145
1146         if (kwb_sign_and_verify(kak, &secure_hdr->csk,
1147                                 sizeof(secure_hdr->csk) +
1148                                 sizeof(secure_hdr->csksig),
1149                                 &tmp_sig, "CSK") < 0)
1150                 return 1;
1151
1152         if (kwb_verify(kak_pub, &secure_hdr->csk,
1153                        sizeof(secure_hdr->csk) +
1154                        sizeof(secure_hdr->csksig),
1155                        &tmp_sig, "CSK (2)") < 0)
1156                 return 1;
1157
1158         secure_hdr->csksig = tmp_sig;
1159
1160         return 0;
1161 }
1162
1163 int add_secure_header_v1(struct image_tool_params *params, uint8_t *ptr,
1164                          int payloadsz, size_t headersz, uint8_t *image,
1165                          struct secure_hdr_v1 *secure_hdr)
1166 {
1167         struct image_cfg_element *e_jtagdelay;
1168         struct image_cfg_element *e_boxid;
1169         struct image_cfg_element *e_flashid;
1170         RSA *csk = NULL;
1171         unsigned char *image_ptr;
1172         size_t image_size;
1173         struct sig_v1 tmp_sig;
1174         bool specialized_img = image_get_spezialized_img();
1175
1176         kwb_msg("Create secure header content\n");
1177
1178         e_jtagdelay = image_find_option(IMAGE_CFG_JTAG_DELAY);
1179         e_boxid = image_find_option(IMAGE_CFG_BOX_ID);
1180         e_flashid = image_find_option(IMAGE_CFG_FLASH_ID);
1181
1182         if (kwb_load_csk(params, &csk) < 0)
1183                 return 1;
1184
1185         secure_hdr->headertype = OPT_HDR_V1_SECURE_TYPE;
1186         secure_hdr->headersz_msb = 0;
1187         secure_hdr->headersz_lsb = cpu_to_le16(sizeof(struct secure_hdr_v1));
1188         if (e_jtagdelay)
1189                 secure_hdr->jtag_delay = e_jtagdelay->jtag_delay;
1190         if (e_boxid && specialized_img)
1191                 secure_hdr->boxid = cpu_to_le32(e_boxid->boxid);
1192         if (e_flashid && specialized_img)
1193                 secure_hdr->flashid = cpu_to_le32(e_flashid->flashid);
1194
1195         if (kwb_sign_csk_with_kak(params, secure_hdr, csk))
1196                 return 1;
1197
1198         image_ptr = ptr + headersz;
1199         image_size = payloadsz - headersz;
1200
1201         if (kwb_sign_and_verify(csk, image_ptr, image_size,
1202                                 &secure_hdr->imgsig, "image") < 0)
1203                 return 1;
1204
1205         if (kwb_sign_and_verify(csk, image, headersz, &tmp_sig, "header") < 0)
1206                 return 1;
1207
1208         secure_hdr->hdrsig = tmp_sig;
1209
1210         kwb_dump_fuse_cmds(secure_hdr);
1211
1212         return 0;
1213 }
1214 #endif
1215
1216 static void *image_create_v1(size_t *imagesz, struct image_tool_params *params,
1217                              uint8_t *ptr, int payloadsz)
1218 {
1219         struct image_cfg_element *e;
1220         struct main_hdr_v1 *main_hdr;
1221 #if defined(CONFIG_KWB_SECURE)
1222         struct secure_hdr_v1 *secure_hdr = NULL;
1223 #endif
1224         size_t headersz;
1225         uint8_t *image, *cur;
1226         int hasext = 0;
1227         uint8_t *next_ext = NULL;
1228
1229         /*
1230          * Calculate the size of the header and the size of the
1231          * payload
1232          */
1233         headersz = image_headersz_v1(&hasext);
1234         if (headersz == 0)
1235                 return NULL;
1236
1237         image = malloc(headersz);
1238         if (!image) {
1239                 fprintf(stderr, "Cannot allocate memory for image\n");
1240                 return NULL;
1241         }
1242
1243         memset(image, 0, headersz);
1244
1245         main_hdr = (struct main_hdr_v1 *)image;
1246         cur = image;
1247         cur += sizeof(struct main_hdr_v1);
1248         next_ext = &main_hdr->ext;
1249
1250         /* Fill the main header */
1251         main_hdr->blocksize    =
1252                 cpu_to_le32(payloadsz - headersz + sizeof(uint32_t));
1253         main_hdr->headersz_lsb = cpu_to_le16(headersz & 0xFFFF);
1254         main_hdr->headersz_msb = (headersz & 0xFFFF0000) >> 16;
1255         main_hdr->destaddr     = cpu_to_le32(params->addr)
1256                                  - sizeof(image_header_t);
1257         main_hdr->execaddr     = cpu_to_le32(params->ep);
1258         main_hdr->srcaddr      = cpu_to_le32(headersz);
1259         main_hdr->ext          = hasext;
1260         main_hdr->version      = 1;
1261         e = image_find_option(IMAGE_CFG_BOOT_FROM);
1262         if (e)
1263                 main_hdr->blockid = e->bootfrom;
1264         e = image_find_option(IMAGE_CFG_NAND_BLKSZ);
1265         if (e)
1266                 main_hdr->nandblocksize = e->nandblksz / (64 * 1024);
1267         e = image_find_option(IMAGE_CFG_NAND_BADBLK_LOCATION);
1268         if (e)
1269                 main_hdr->nandbadblklocation = e->nandbadblklocation;
1270         e = image_find_option(IMAGE_CFG_BAUDRATE);
1271         if (e)
1272                 main_hdr->options = baudrate_to_option(e->baudrate);
1273         e = image_find_option(IMAGE_CFG_DEBUG);
1274         if (e)
1275                 main_hdr->flags = e->debug ? 0x1 : 0;
1276
1277 #if defined(CONFIG_KWB_SECURE)
1278         if (image_get_csk_index() >= 0) {
1279                 /*
1280                  * only reserve the space here; we fill the header later since
1281                  * we need the header to be complete to compute the signatures
1282                  */
1283                 secure_hdr = (struct secure_hdr_v1 *)cur;
1284                 cur += sizeof(struct secure_hdr_v1);
1285                 next_ext = &secure_hdr->next;
1286         }
1287 #endif
1288         *next_ext = 1;
1289
1290         if (add_binary_header_v1(cur))
1291                 return NULL;
1292
1293 #if defined(CONFIG_KWB_SECURE)
1294         if (secure_hdr && add_secure_header_v1(params, ptr, payloadsz,
1295                                                headersz, image, secure_hdr))
1296                 return NULL;
1297 #endif
1298
1299         /* Calculate and set the header checksum */
1300         main_hdr->checksum = image_checksum8(main_hdr, headersz);
1301
1302         *imagesz = headersz;
1303         return image;
1304 }
1305
1306 int recognize_keyword(char *keyword)
1307 {
1308         int kw_id;
1309
1310         for (kw_id = 1; kw_id < IMAGE_CFG_COUNT; ++kw_id)
1311                 if (!strcmp(keyword, id_strs[kw_id]))
1312                         return kw_id;
1313
1314         return 0;
1315 }
1316
1317 static int image_create_config_parse_oneline(char *line,
1318                                              struct image_cfg_element *el)
1319 {
1320         char *keyword, *saveptr, *value1, *value2;
1321         char delimiters[] = " \t";
1322         int keyword_id, ret, argi;
1323         char *unknown_msg = "Ignoring unknown line '%s'\n";
1324
1325         keyword = strtok_r(line, delimiters, &saveptr);
1326         keyword_id = recognize_keyword(keyword);
1327
1328         if (!keyword_id) {
1329                 fprintf(stderr, unknown_msg, line);
1330                 return 0;
1331         }
1332
1333         el->type = keyword_id;
1334
1335         value1 = strtok_r(NULL, delimiters, &saveptr);
1336
1337         if (!value1) {
1338                 fprintf(stderr, "Parameter missing in line '%s'\n", line);
1339                 return -1;
1340         }
1341
1342         switch (keyword_id) {
1343         case IMAGE_CFG_VERSION:
1344                 el->version = atoi(value1);
1345                 break;
1346         case IMAGE_CFG_BOOT_FROM:
1347                 ret = image_boot_mode_id(value1);
1348
1349                 if (ret < 0) {
1350                         fprintf(stderr, "Invalid boot media '%s'\n", value1);
1351                         return -1;
1352                 }
1353                 el->bootfrom = ret;
1354                 break;
1355         case IMAGE_CFG_NAND_BLKSZ:
1356                 el->nandblksz = strtoul(value1, NULL, 16);
1357                 break;
1358         case IMAGE_CFG_NAND_BADBLK_LOCATION:
1359                 el->nandbadblklocation = strtoul(value1, NULL, 16);
1360                 break;
1361         case IMAGE_CFG_NAND_ECC_MODE:
1362                 ret = image_nand_ecc_mode_id(value1);
1363
1364                 if (ret < 0) {
1365                         fprintf(stderr, "Invalid NAND ECC mode '%s'\n", value1);
1366                         return -1;
1367                 }
1368                 el->nandeccmode = ret;
1369                 break;
1370         case IMAGE_CFG_NAND_PAGESZ:
1371                 el->nandpagesz = strtoul(value1, NULL, 16);
1372                 break;
1373         case IMAGE_CFG_BINARY:
1374                 argi = 0;
1375
1376                 el->binary.file = strdup(value1);
1377                 while (1) {
1378                         char *value = strtok_r(NULL, delimiters, &saveptr);
1379
1380                         if (!value)
1381                                 break;
1382                         el->binary.args[argi] = strtoul(value, NULL, 16);
1383                         argi++;
1384                         if (argi >= BINARY_MAX_ARGS) {
1385                                 fprintf(stderr,
1386                                         "Too many arguments for BINARY\n");
1387                                 return -1;
1388                         }
1389                 }
1390                 el->binary.nargs = argi;
1391                 break;
1392         case IMAGE_CFG_DATA:
1393                 value2 = strtok_r(NULL, delimiters, &saveptr);
1394
1395                 if (!value1 || !value2) {
1396                         fprintf(stderr,
1397                                 "Invalid number of arguments for DATA\n");
1398                         return -1;
1399                 }
1400
1401                 el->regdata.raddr = strtoul(value1, NULL, 16);
1402                 el->regdata.rdata = strtoul(value2, NULL, 16);
1403                 break;
1404         case IMAGE_CFG_BAUDRATE:
1405                 el->baudrate = strtoul(value1, NULL, 10);
1406                 break;
1407         case IMAGE_CFG_DEBUG:
1408                 el->debug = strtoul(value1, NULL, 10);
1409                 break;
1410         case IMAGE_CFG_KAK:
1411                 el->key_name = strdup(value1);
1412                 break;
1413         case IMAGE_CFG_CSK:
1414                 el->key_name = strdup(value1);
1415                 break;
1416         case IMAGE_CFG_CSK_INDEX:
1417                 el->csk_idx = strtol(value1, NULL, 0);
1418                 break;
1419         case IMAGE_CFG_JTAG_DELAY:
1420                 el->jtag_delay = strtoul(value1, NULL, 0);
1421                 break;
1422         case IMAGE_CFG_BOX_ID:
1423                 el->boxid = strtoul(value1, NULL, 0);
1424                 break;
1425         case IMAGE_CFG_FLASH_ID:
1426                 el->flashid = strtoul(value1, NULL, 0);
1427                 break;
1428         case IMAGE_CFG_SEC_SPECIALIZED_IMG:
1429                 el->sec_specialized_img = true;
1430                 break;
1431         case IMAGE_CFG_SEC_COMMON_IMG:
1432                 el->sec_specialized_img = false;
1433                 break;
1434         case IMAGE_CFG_SEC_BOOT_DEV:
1435                 el->sec_boot_dev = strtoul(value1, NULL, 0);
1436                 break;
1437         case IMAGE_CFG_SEC_FUSE_DUMP:
1438                 el->name = strdup(value1);
1439                 break;
1440         default:
1441                 fprintf(stderr, unknown_msg, line);
1442         }
1443
1444         return 0;
1445 }
1446
1447 /*
1448  * Parse the configuration file 'fcfg' into the array of configuration
1449  * elements 'image_cfg', and return the number of configuration
1450  * elements in 'cfgn'.
1451  */
1452 static int image_create_config_parse(FILE *fcfg)
1453 {
1454         int ret;
1455         int cfgi = 0;
1456
1457         /* Parse the configuration file */
1458         while (!feof(fcfg)) {
1459                 char *line;
1460                 char buf[256];
1461
1462                 /* Read the current line */
1463                 memset(buf, 0, sizeof(buf));
1464                 line = fgets(buf, sizeof(buf), fcfg);
1465                 if (!line)
1466                         break;
1467
1468                 /* Ignore useless lines */
1469                 if (line[0] == '\n' || line[0] == '#')
1470                         continue;
1471
1472                 /* Strip final newline */
1473                 if (line[strlen(line) - 1] == '\n')
1474                         line[strlen(line) - 1] = 0;
1475
1476                 /* Parse the current line */
1477                 ret = image_create_config_parse_oneline(line,
1478                                                         &image_cfg[cfgi]);
1479                 if (ret)
1480                         return ret;
1481
1482                 cfgi++;
1483
1484                 if (cfgi >= IMAGE_CFG_ELEMENT_MAX) {
1485                         fprintf(stderr,
1486                                 "Too many configuration elements in .cfg file\n");
1487                         return -1;
1488                 }
1489         }
1490
1491         cfgn = cfgi;
1492         return 0;
1493 }
1494
1495 static int image_get_version(void)
1496 {
1497         struct image_cfg_element *e;
1498
1499         e = image_find_option(IMAGE_CFG_VERSION);
1500         if (!e)
1501                 return -1;
1502
1503         return e->version;
1504 }
1505
1506 static void kwbimage_set_header(void *ptr, struct stat *sbuf, int ifd,
1507                                 struct image_tool_params *params)
1508 {
1509         FILE *fcfg;
1510         void *image = NULL;
1511         int version;
1512         size_t headersz = 0;
1513         uint32_t checksum;
1514         int ret;
1515         int size;
1516
1517         fcfg = fopen(params->imagename, "r");
1518         if (!fcfg) {
1519                 fprintf(stderr, "Could not open input file %s\n",
1520                         params->imagename);
1521                 exit(EXIT_FAILURE);
1522         }
1523
1524         image_cfg = malloc(IMAGE_CFG_ELEMENT_MAX *
1525                            sizeof(struct image_cfg_element));
1526         if (!image_cfg) {
1527                 fprintf(stderr, "Cannot allocate memory\n");
1528                 fclose(fcfg);
1529                 exit(EXIT_FAILURE);
1530         }
1531
1532         memset(image_cfg, 0,
1533                IMAGE_CFG_ELEMENT_MAX * sizeof(struct image_cfg_element));
1534         rewind(fcfg);
1535
1536         ret = image_create_config_parse(fcfg);
1537         fclose(fcfg);
1538         if (ret) {
1539                 free(image_cfg);
1540                 exit(EXIT_FAILURE);
1541         }
1542
1543         /* The MVEBU BootROM does not allow non word aligned payloads */
1544         sbuf->st_size = ALIGN_SUP(sbuf->st_size, 4);
1545
1546         version = image_get_version();
1547         switch (version) {
1548                 /*
1549                  * Fallback to version 0 if no version is provided in the
1550                  * cfg file
1551                  */
1552         case -1:
1553         case 0:
1554                 image = image_create_v0(&headersz, params, sbuf->st_size);
1555                 break;
1556
1557         case 1:
1558                 image = image_create_v1(&headersz, params, ptr, sbuf->st_size);
1559                 break;
1560
1561         default:
1562                 fprintf(stderr, "Unsupported version %d\n", version);
1563                 free(image_cfg);
1564                 exit(EXIT_FAILURE);
1565         }
1566
1567         if (!image) {
1568                 fprintf(stderr, "Could not create image\n");
1569                 free(image_cfg);
1570                 exit(EXIT_FAILURE);
1571         }
1572
1573         free(image_cfg);
1574
1575         /* Build and add image checksum header */
1576         checksum =
1577                 cpu_to_le32(image_checksum32((uint32_t *)ptr, sbuf->st_size));
1578         size = write(ifd, &checksum, sizeof(uint32_t));
1579         if (size != sizeof(uint32_t)) {
1580                 fprintf(stderr, "Error:%s - Checksum write %d bytes %s\n",
1581                         params->cmdname, size, params->imagefile);
1582                 exit(EXIT_FAILURE);
1583         }
1584
1585         sbuf->st_size += sizeof(uint32_t);
1586
1587         /* Finally copy the header into the image area */
1588         memcpy(ptr, image, headersz);
1589
1590         free(image);
1591 }
1592
1593 static void kwbimage_print_header(const void *ptr)
1594 {
1595         struct main_hdr_v0 *mhdr = (struct main_hdr_v0 *)ptr;
1596
1597         printf("Image Type:   MVEBU Boot from %s Image\n",
1598                image_boot_mode_name(mhdr->blockid));
1599         printf("Image version:%d\n", image_version((void *)ptr));
1600         printf("Data Size:    ");
1601         genimg_print_size(mhdr->blocksize - sizeof(uint32_t));
1602         printf("Load Address: %08x\n", mhdr->destaddr);
1603         printf("Entry Point:  %08x\n", mhdr->execaddr);
1604 }
1605
1606 static int kwbimage_check_image_types(uint8_t type)
1607 {
1608         if (type == IH_TYPE_KWBIMAGE)
1609                 return EXIT_SUCCESS;
1610
1611         return EXIT_FAILURE;
1612 }
1613
1614 static int kwbimage_verify_header(unsigned char *ptr, int image_size,
1615                                   struct image_tool_params *params)
1616 {
1617         uint8_t checksum;
1618         size_t header_size = kwbimage_header_size(ptr);
1619
1620         if (header_size > image_size)
1621                 return -FDT_ERR_BADSTRUCTURE;
1622
1623         if (!main_hdr_checksum_ok(ptr))
1624                 return -FDT_ERR_BADSTRUCTURE;
1625
1626         /* Only version 0 extended header has checksum */
1627         if (image_version((void *)ptr) == 0) {
1628                 struct ext_hdr_v0 *ext_hdr;
1629
1630                 ext_hdr = (struct ext_hdr_v0 *)
1631                                 (ptr + sizeof(struct main_hdr_v0));
1632                 checksum = image_checksum8(ext_hdr,
1633                                            sizeof(struct ext_hdr_v0)
1634                                            - sizeof(uint8_t));
1635                 if (checksum != ext_hdr->checksum)
1636                         return -FDT_ERR_BADSTRUCTURE;
1637         }
1638
1639         return 0;
1640 }
1641
1642 static int kwbimage_generate(struct image_tool_params *params,
1643                              struct image_type_params *tparams)
1644 {
1645         FILE *fcfg;
1646         int alloc_len;
1647         int version;
1648         void *hdr;
1649         int ret;
1650
1651         fcfg = fopen(params->imagename, "r");
1652         if (!fcfg) {
1653                 fprintf(stderr, "Could not open input file %s\n",
1654                         params->imagename);
1655                 exit(EXIT_FAILURE);
1656         }
1657
1658         image_cfg = malloc(IMAGE_CFG_ELEMENT_MAX *
1659                            sizeof(struct image_cfg_element));
1660         if (!image_cfg) {
1661                 fprintf(stderr, "Cannot allocate memory\n");
1662                 fclose(fcfg);
1663                 exit(EXIT_FAILURE);
1664         }
1665
1666         memset(image_cfg, 0,
1667                IMAGE_CFG_ELEMENT_MAX * sizeof(struct image_cfg_element));
1668         rewind(fcfg);
1669
1670         ret = image_create_config_parse(fcfg);
1671         fclose(fcfg);
1672         if (ret) {
1673                 free(image_cfg);
1674                 exit(EXIT_FAILURE);
1675         }
1676
1677         version = image_get_version();
1678         switch (version) {
1679                 /*
1680                  * Fallback to version 0 if no version is provided in the
1681                  * cfg file
1682                  */
1683         case -1:
1684         case 0:
1685                 alloc_len = sizeof(struct main_hdr_v0) +
1686                         sizeof(struct ext_hdr_v0);
1687                 break;
1688
1689         case 1:
1690                 alloc_len = image_headersz_v1(NULL);
1691                 break;
1692
1693         default:
1694                 fprintf(stderr, "Unsupported version %d\n", version);
1695                 free(image_cfg);
1696                 exit(EXIT_FAILURE);
1697         }
1698
1699         free(image_cfg);
1700
1701         hdr = malloc(alloc_len);
1702         if (!hdr) {
1703                 fprintf(stderr, "%s: malloc return failure: %s\n",
1704                         params->cmdname, strerror(errno));
1705                 exit(EXIT_FAILURE);
1706         }
1707
1708         memset(hdr, 0, alloc_len);
1709         tparams->header_size = alloc_len;
1710         tparams->hdr = hdr;
1711
1712         /*
1713          * The resulting image needs to be 4-byte aligned. At least
1714          * the Marvell hdrparser tool complains if its unaligned.
1715          * By returning 1 here in this function, called via
1716          * tparams->vrec_header() in mkimage.c, mkimage will
1717          * automatically pad the the resulting image to a 4-byte
1718          * size if necessary.
1719          */
1720         return 1;
1721 }
1722
1723 /*
1724  * Report Error if xflag is set in addition to default
1725  */
1726 static int kwbimage_check_params(struct image_tool_params *params)
1727 {
1728         if (!strlen(params->imagename)) {
1729                 char *msg = "Configuration file for kwbimage creation omitted";
1730
1731                 fprintf(stderr, "Error:%s - %s\n", params->cmdname, msg);
1732                 return CFG_INVALID;
1733         }
1734
1735         return (params->dflag && (params->fflag || params->lflag)) ||
1736                 (params->fflag && (params->dflag || params->lflag)) ||
1737                 (params->lflag && (params->dflag || params->fflag)) ||
1738                 (params->xflag) || !(strlen(params->imagename));
1739 }
1740
1741 /*
1742  * kwbimage type parameters definition
1743  */
1744 U_BOOT_IMAGE_TYPE(
1745         kwbimage,
1746         "Marvell MVEBU Boot Image support",
1747         0,
1748         NULL,
1749         kwbimage_check_params,
1750         kwbimage_verify_header,
1751         kwbimage_print_header,
1752         kwbimage_set_header,
1753         NULL,
1754         kwbimage_check_image_types,
1755         NULL,
1756         kwbimage_generate
1757 );