1 // SPDX-License-Identifier: GPL-2.0+
3 * (C) Copyright 2018 Arm Ltd.
4 * (C) Copyright 2020-2021 Samuel Holland <samuel@sholland.org>
7 #define OPENSSL_API_COMPAT 0x10101000L
15 #include <openssl/asn1t.h>
16 #include <openssl/bn.h>
17 #include <openssl/pem.h>
18 #include <openssl/rsa.h>
21 #include <sunxi_image.h>
23 #include "imagetool.h"
27 * NAND requires 8K padding. For other devices, BROM requires only
28 * 512B padding, but let's use the larger padding to cover everything.
32 #define pr_fmt(fmt) "mkimage (TOC0): %s: " fmt
33 #define pr_err(fmt, args...) fprintf(stderr, pr_fmt(fmt), "error", ##args)
34 #define pr_warn(fmt, args...) fprintf(stderr, pr_fmt(fmt), "warning", ##args)
35 #define pr_info(fmt, args...) fprintf(stderr, pr_fmt(fmt), "info", ##args)
37 #if defined(LIBRESSL_VERSION_NUMBER)
38 #define RSA_get0_n(key) (key)->n
39 #define RSA_get0_e(key) (key)->e
40 #define RSA_get0_d(key) (key)->d
43 struct __packed toc0_key_item {
57 * This looks somewhat like an X.509 certificate, but it is not valid BER.
60 * - Some X.509 certificate fields are missing or rearranged.
61 * - Some sequences have the wrong tag.
62 * - Zero-length sequences are accepted.
63 * - Large strings and integers must be an even number of bytes long.
64 * - Positive integers are not zero-extended to maintain their sign.
66 * See https://linux-sunxi.org/TOC0 for more information.
68 struct __packed toc0_small_tag {
73 typedef struct toc0_small_tag toc0_small_int;
74 typedef struct toc0_small_tag toc0_small_oct;
75 typedef struct toc0_small_tag toc0_small_seq;
76 typedef struct toc0_small_tag toc0_small_exp;
78 #define TOC0_SMALL_INT(len) { 0x02, (len) }
79 #define TOC0_SMALL_SEQ(len) { 0x30, (len) }
80 #define TOC0_SMALL_EXP(tag, len) { 0xa0 | (tag), len }
82 struct __packed toc0_large_tag {
89 typedef struct toc0_large_tag toc0_large_int;
90 typedef struct toc0_large_tag toc0_large_bit;
91 typedef struct toc0_large_tag toc0_large_seq;
93 #define TOC0_LARGE_INT(len) { 0x02, 0x82, (len) >> 8, (len) & 0xff }
94 #define TOC0_LARGE_BIT(len) { 0x03, 0x82, (len) >> 8, (len) & 0xff }
95 #define TOC0_LARGE_SEQ(len) { 0x30, 0x82, (len) >> 8, (len) & 0xff }
97 struct __packed toc0_cert_item {
98 toc0_large_seq tag_totalSequence;
99 struct __packed toc0_totalSequence {
100 toc0_large_seq tag_mainSequence;
101 struct __packed toc0_mainSequence {
102 toc0_small_exp tag_explicit0;
103 struct __packed toc0_explicit0 {
104 toc0_small_int tag_version;
107 toc0_small_int tag_serialNumber;
108 uint8_t serialNumber;
109 toc0_small_seq tag_signature;
110 toc0_small_seq tag_issuer;
111 toc0_small_seq tag_validity;
112 toc0_small_seq tag_subject;
113 toc0_large_seq tag_subjectPublicKeyInfo;
114 struct __packed toc0_subjectPublicKeyInfo {
115 toc0_small_seq tag_algorithm;
116 toc0_large_seq tag_publicKey;
117 struct __packed toc0_publicKey {
118 toc0_large_int tag_n;
120 toc0_small_int tag_e;
123 } subjectPublicKeyInfo;
124 toc0_small_exp tag_explicit3;
125 struct __packed toc0_explicit3 {
126 toc0_small_seq tag_extension;
127 struct __packed toc0_extension {
128 toc0_small_int tag_digest;
133 toc0_large_bit tag_sigSequence;
134 struct __packed toc0_sigSequence {
135 toc0_small_seq tag_algorithm;
136 toc0_large_bit tag_signature;
137 uint8_t signature[256];
142 #define sizeof_field(TYPE, MEMBER) sizeof((((TYPE *)0)->MEMBER))
144 static const struct toc0_cert_item cert_item_template = {
145 TOC0_LARGE_SEQ(sizeof(struct toc0_totalSequence)),
147 TOC0_LARGE_SEQ(sizeof(struct toc0_mainSequence)),
149 TOC0_SMALL_EXP(0, sizeof(struct toc0_explicit0)),
151 TOC0_SMALL_INT(sizeof_field(struct toc0_explicit0, version)),
154 TOC0_SMALL_INT(sizeof_field(struct toc0_mainSequence, serialNumber)),
160 TOC0_LARGE_SEQ(sizeof(struct toc0_subjectPublicKeyInfo)),
163 TOC0_LARGE_SEQ(sizeof(struct toc0_publicKey)),
165 TOC0_LARGE_INT(sizeof_field(struct toc0_publicKey, n)),
167 TOC0_SMALL_INT(sizeof_field(struct toc0_publicKey, e)),
171 TOC0_SMALL_EXP(3, sizeof(struct toc0_explicit3)),
173 TOC0_SMALL_SEQ(sizeof(struct toc0_extension)),
175 TOC0_SMALL_INT(sizeof_field(struct toc0_extension, digest)),
180 TOC0_LARGE_BIT(sizeof(struct toc0_sigSequence)),
183 TOC0_LARGE_BIT(sizeof_field(struct toc0_sigSequence, signature)),
189 #define TOC0_DEFAULT_NUM_ITEMS 3
190 #define TOC0_DEFAULT_HEADER_LEN \
192 sizeof(struct toc0_main_info) + \
193 sizeof(struct toc0_item_info) * TOC0_DEFAULT_NUM_ITEMS + \
194 sizeof(struct toc0_cert_item) + \
195 sizeof(struct toc0_key_item), \
198 static char *fw_key_file = "fw_key.pem";
199 static char *key_item_file = "key_item.bin";
200 static char *root_key_file = "root_key.pem";
203 * Create a key item in @buf, containing the public keys @root_key and @fw_key,
204 * and signed by the RSA key @root_key.
206 static int toc0_create_key_item(uint8_t *buf, uint32_t *len,
207 RSA *root_key, RSA *fw_key)
209 struct toc0_key_item *key_item = (void *)buf;
210 uint8_t digest[SHA256_DIGEST_LENGTH];
211 int ret = EXIT_FAILURE;
212 unsigned int sig_len;
216 n_len = BN_bn2bin(RSA_get0_n(root_key), key_item->key0);
217 e_len = BN_bn2bin(RSA_get0_e(root_key), key_item->key0 + n_len);
218 if (n_len + e_len > sizeof(key_item->key0)) {
219 pr_err("Root key is too big for key item\n");
222 key_item->key0_n_len = cpu_to_le32(n_len);
223 key_item->key0_e_len = cpu_to_le32(e_len);
226 n_len = BN_bn2bin(RSA_get0_n(fw_key), key_item->key1);
227 e_len = BN_bn2bin(RSA_get0_e(fw_key), key_item->key1 + n_len);
228 if (n_len + e_len > sizeof(key_item->key1)) {
229 pr_err("Firmware key is too big for key item\n");
232 key_item->key1_n_len = cpu_to_le32(n_len);
233 key_item->key1_e_len = cpu_to_le32(e_len);
235 /* Sign the key item. */
236 key_item->sig_len = cpu_to_le32(RSA_size(root_key));
237 SHA256(buf, key_item->sig - buf, digest);
238 if (!RSA_sign(NID_sha256, digest, sizeof(digest),
239 key_item->sig, &sig_len, root_key)) {
240 pr_err("Failed to sign key item\n");
243 if (sig_len != sizeof(key_item->sig)) {
244 pr_err("Bad key item signature length\n");
248 *len = sizeof(*key_item);
256 * Verify the key item in @buf, containing two public keys @key0 and @key1,
257 * and signed by the RSA key @key0. If @root_key is provided, only signatures
258 * by that key will be accepted. @key1 is returned in @key.
260 static int toc0_verify_key_item(const uint8_t *buf, uint32_t len,
261 RSA *root_key, RSA **fw_key)
263 struct toc0_key_item *key_item = (void *)buf;
264 uint8_t digest[SHA256_DIGEST_LENGTH];
265 int ret = EXIT_FAILURE;
271 if (len < sizeof(*key_item))
275 n_len = le32_to_cpu(key_item->key0_n_len);
276 e_len = le32_to_cpu(key_item->key0_e_len);
277 if (n_len + e_len > sizeof(key_item->key0)) {
278 pr_err("Bad root key size in key item\n");
281 n = BN_bin2bn(key_item->key0, n_len, NULL);
282 e = BN_bin2bn(key_item->key0 + n_len, e_len, NULL);
286 if (!RSA_set0_key(key0, n, e, NULL))
289 /* If a root key was provided, compare it to key 0. */
290 if (root_key && (BN_cmp(n, RSA_get0_n(root_key)) ||
291 BN_cmp(e, RSA_get0_e(root_key)))) {
292 pr_err("Wrong root key in key item\n");
296 /* Verify the key item signature. */
297 SHA256(buf, key_item->sig - buf, digest);
298 if (!RSA_verify(NID_sha256, digest, sizeof(digest),
299 key_item->sig, le32_to_cpu(key_item->sig_len), key0)) {
300 pr_err("Bad key item signature\n");
306 n_len = le32_to_cpu(key_item->key1_n_len);
307 e_len = le32_to_cpu(key_item->key1_e_len);
308 if (n_len + e_len > sizeof(key_item->key1)) {
309 pr_err("Bad firmware key size in key item\n");
312 n = BN_bin2bn(key_item->key1, n_len, NULL);
313 e = BN_bin2bn(key_item->key1 + n_len, e_len, NULL);
317 if (!RSA_set0_key(key1, n, e, NULL))
321 /* If a FW key was provided, compare it to key 1. */
322 if (BN_cmp(n, RSA_get0_n(*fw_key)) ||
323 BN_cmp(e, RSA_get0_e(*fw_key))) {
324 pr_err("Wrong firmware key in key item\n");
328 /* Otherwise, send key1 back to the caller. */
344 * Create a certificate in @buf, describing the firmware with SHA256 digest
345 * @digest, and signed by the RSA key @fw_key.
347 static int toc0_create_cert_item(uint8_t *buf, uint32_t *len, RSA *fw_key,
348 uint8_t digest[static SHA256_DIGEST_LENGTH])
350 struct toc0_cert_item *cert_item = (void *)buf;
351 uint8_t cert_digest[SHA256_DIGEST_LENGTH];
352 struct toc0_totalSequence *totalSequence;
353 struct toc0_sigSequence *sigSequence;
354 struct toc0_extension *extension;
355 struct toc0_publicKey *publicKey;
356 int ret = EXIT_FAILURE;
357 unsigned int sig_len;
359 memcpy(cert_item, &cert_item_template, sizeof(*cert_item));
360 *len = sizeof(*cert_item);
363 * Fill in the public key.
365 * Only 2048-bit RSA keys are supported. Since this uses a fixed-size
366 * structure, it may fail for non-standard exponents.
368 totalSequence = &cert_item->totalSequence;
369 publicKey = &totalSequence->mainSequence.subjectPublicKeyInfo.publicKey;
370 if (BN_bn2binpad(RSA_get0_n(fw_key), publicKey->n, sizeof(publicKey->n)) < 0 ||
371 BN_bn2binpad(RSA_get0_e(fw_key), publicKey->e, sizeof(publicKey->e)) < 0) {
372 pr_err("Firmware key is too big for certificate\n");
376 /* Fill in the firmware digest. */
377 extension = &totalSequence->mainSequence.explicit3.extension;
378 memcpy(&extension->digest, digest, SHA256_DIGEST_LENGTH);
381 * Sign the certificate.
383 * In older SBROM versions (and by default in newer versions),
384 * the last 4 bytes of the certificate are not signed.
386 * (The buffer passed to SHA256 starts at tag_mainSequence, but
387 * the buffer size does not include the length of that tag.)
389 SHA256((uint8_t *)totalSequence, sizeof(struct toc0_mainSequence), cert_digest);
390 sigSequence = &totalSequence->sigSequence;
391 if (!RSA_sign(NID_sha256, cert_digest, SHA256_DIGEST_LENGTH,
392 sigSequence->signature, &sig_len, fw_key)) {
393 pr_err("Failed to sign certificate\n");
396 if (sig_len != sizeof(sigSequence->signature)) {
397 pr_err("Bad certificate signature length\n");
408 * Verify the certificate in @buf, describing the firmware with SHA256 digest
409 * @digest, and signed by the RSA key contained within. If @fw_key is provided,
410 * only that key will be accepted.
412 * This function is only expected to work with images created by mkimage.
414 static int toc0_verify_cert_item(const uint8_t *buf, uint32_t len, RSA *fw_key,
415 uint8_t digest[static SHA256_DIGEST_LENGTH])
417 const struct toc0_cert_item *cert_item = (const void *)buf;
418 uint8_t cert_digest[SHA256_DIGEST_LENGTH];
419 const struct toc0_totalSequence *totalSequence;
420 const struct toc0_sigSequence *sigSequence;
421 const struct toc0_extension *extension;
422 const struct toc0_publicKey *publicKey;
423 int ret = EXIT_FAILURE;
427 /* Extract the public key from the certificate. */
428 totalSequence = &cert_item->totalSequence;
429 publicKey = &totalSequence->mainSequence.subjectPublicKeyInfo.publicKey;
430 n = BN_bin2bn(publicKey->n, sizeof(publicKey->n), NULL);
431 e = BN_bin2bn(publicKey->e, sizeof(publicKey->e), NULL);
435 if (!RSA_set0_key(key, n, e, NULL))
438 /* If a key was provided, compare it to the embedded key. */
439 if (fw_key && (BN_cmp(RSA_get0_n(key), RSA_get0_n(fw_key)) ||
440 BN_cmp(RSA_get0_e(key), RSA_get0_e(fw_key)))) {
441 pr_err("Wrong firmware key in certificate\n");
445 /* If a digest was provided, compare it to the embedded digest. */
446 extension = &totalSequence->mainSequence.explicit3.extension;
447 if (digest && memcmp(&extension->digest, digest, SHA256_DIGEST_LENGTH)) {
448 pr_err("Wrong firmware digest in certificate\n");
452 /* Verify the certificate's signature. See the comment above. */
453 SHA256((uint8_t *)totalSequence, sizeof(struct toc0_mainSequence), cert_digest);
454 sigSequence = &totalSequence->sigSequence;
455 if (!RSA_verify(NID_sha256, cert_digest, SHA256_DIGEST_LENGTH,
456 sigSequence->signature,
457 sizeof(sigSequence->signature), key)) {
458 pr_err("Bad certificate signature\n");
471 * Always create a TOC0 containing 3 items. The extra item will be ignored on
472 * SoCs which do not support it.
474 static int toc0_create(uint8_t *buf, uint32_t len, RSA *root_key, RSA *fw_key,
475 uint8_t *key_item, uint32_t key_item_len,
476 uint8_t *fw_item, uint32_t fw_item_len, uint32_t fw_addr)
478 struct toc0_main_info *main_info = (void *)buf;
479 struct toc0_item_info *item_info = (void *)(main_info + 1);
480 uint8_t digest[SHA256_DIGEST_LENGTH];
481 uint32_t *buf32 = (void *)buf;
482 RSA *orig_fw_key = fw_key;
483 int ret = EXIT_FAILURE;
484 uint32_t checksum = 0;
485 uint32_t item_offset;
486 uint32_t item_length;
489 /* Hash the firmware for inclusion in the certificate. */
490 SHA256(fw_item, fw_item_len, digest);
492 /* Create the main TOC0 header, containing three items. */
493 memcpy(main_info->name, TOC0_MAIN_INFO_NAME, sizeof(main_info->name));
494 main_info->magic = cpu_to_le32(TOC0_MAIN_INFO_MAGIC);
495 main_info->checksum = cpu_to_le32(BROM_STAMP_VALUE);
496 main_info->num_items = cpu_to_le32(TOC0_DEFAULT_NUM_ITEMS);
497 memcpy(main_info->end, TOC0_MAIN_INFO_END, sizeof(main_info->end));
499 /* The first item links the ROTPK to the signing key. */
500 item_offset = sizeof(*main_info) +
501 sizeof(*item_info) * TOC0_DEFAULT_NUM_ITEMS;
502 /* Using an existing key item avoids needing the root private key. */
504 item_length = sizeof(*key_item);
505 if (toc0_verify_key_item(key_item, item_length,
508 memcpy(buf + item_offset, key_item, item_length);
509 } else if (toc0_create_key_item(buf + item_offset, &item_length,
514 item_info->name = cpu_to_le32(TOC0_ITEM_INFO_NAME_KEY);
515 item_info->offset = cpu_to_le32(item_offset);
516 item_info->length = cpu_to_le32(item_length);
517 memcpy(item_info->end, TOC0_ITEM_INFO_END, sizeof(item_info->end));
519 /* The second item contains a certificate signed by the firmware key. */
520 item_offset = item_offset + item_length;
521 if (toc0_create_cert_item(buf + item_offset, &item_length,
526 item_info->name = cpu_to_le32(TOC0_ITEM_INFO_NAME_CERT);
527 item_info->offset = cpu_to_le32(item_offset);
528 item_info->length = cpu_to_le32(item_length);
529 memcpy(item_info->end, TOC0_ITEM_INFO_END, sizeof(item_info->end));
531 /* The third item contains the actual boot code. */
532 item_offset = ALIGN(item_offset + item_length, 32);
533 item_length = fw_item_len;
534 if (buf + item_offset != fw_item)
535 memmove(buf + item_offset, fw_item, item_length);
538 item_info->name = cpu_to_le32(TOC0_ITEM_INFO_NAME_FIRMWARE);
539 item_info->offset = cpu_to_le32(item_offset);
540 item_info->length = cpu_to_le32(item_length);
541 item_info->load_addr = cpu_to_le32(fw_addr);
542 memcpy(item_info->end, TOC0_ITEM_INFO_END, sizeof(item_info->end));
544 /* Pad to the required block size with 0xff to be flash-friendly. */
545 item_offset = item_offset + item_length;
546 item_length = ALIGN(item_offset, PAD_SIZE) - item_offset;
547 memset(buf + item_offset, 0xff, item_length);
549 /* Fill in the total padded file length. */
550 item_offset = item_offset + item_length;
551 main_info->length = cpu_to_le32(item_offset);
553 /* Verify enough space was provided when creating the image. */
554 assert(len >= item_offset);
556 /* Calculate the checksum. Yes, it's that simple. */
557 for (i = 0; i < item_offset / 4; ++i)
558 checksum += le32_to_cpu(buf32[i]);
559 main_info->checksum = cpu_to_le32(checksum);
564 if (fw_key != orig_fw_key)
570 static const struct toc0_item_info *
571 toc0_find_item(const struct toc0_main_info *main_info, uint32_t name,
572 uint32_t *offset, uint32_t *length)
574 const struct toc0_item_info *item_info = (void *)(main_info + 1);
575 uint32_t item_offset, item_length;
576 uint32_t num_items, main_length;
579 num_items = le32_to_cpu(main_info->num_items);
580 main_length = le32_to_cpu(main_info->length);
582 for (i = 0; i < num_items; ++i, ++item_info) {
583 if (le32_to_cpu(item_info->name) != name)
586 item_offset = le32_to_cpu(item_info->offset);
587 item_length = le32_to_cpu(item_info->length);
589 if (item_offset > main_length ||
590 item_length > main_length - item_offset)
593 *offset = item_offset;
594 *length = item_length;
602 static int toc0_verify(const uint8_t *buf, uint32_t len, RSA *root_key)
604 const struct toc0_main_info *main_info = (void *)buf;
605 const struct toc0_item_info *item_info;
606 uint8_t digest[SHA256_DIGEST_LENGTH];
607 uint32_t main_length = le32_to_cpu(main_info->length);
608 uint32_t checksum = BROM_STAMP_VALUE;
609 uint32_t *buf32 = (void *)buf;
610 uint32_t length, offset;
611 int ret = EXIT_FAILURE;
615 if (len < main_length)
618 /* Verify the main header. */
619 if (memcmp(main_info->name, TOC0_MAIN_INFO_NAME, sizeof(main_info->name)))
621 if (le32_to_cpu(main_info->magic) != TOC0_MAIN_INFO_MAGIC)
623 /* Verify the checksum without modifying the buffer. */
624 for (i = 0; i < main_length / 4; ++i)
625 checksum += le32_to_cpu(buf32[i]);
626 if (checksum != 2 * le32_to_cpu(main_info->checksum))
628 /* The length must be at least 512 byte aligned. */
629 if (main_length % 512)
631 if (memcmp(main_info->end, TOC0_MAIN_INFO_END, sizeof(main_info->end)))
634 /* Verify the key item if present (it is optional). */
635 item_info = toc0_find_item(main_info, TOC0_ITEM_INFO_NAME_KEY,
639 else if (toc0_verify_key_item(buf + offset, length, root_key, &fw_key))
642 /* Hash the firmware to compare with the certificate. */
643 item_info = toc0_find_item(main_info, TOC0_ITEM_INFO_NAME_FIRMWARE,
646 pr_err("Missing firmware item\n");
649 SHA256(buf + offset, length, digest);
651 /* Verify the certificate item. */
652 item_info = toc0_find_item(main_info, TOC0_ITEM_INFO_NAME_CERT,
655 pr_err("Missing certificate item\n");
658 if (toc0_verify_cert_item(buf + offset, length, fw_key, digest))
664 if (fw_key != root_key)
670 static int toc0_check_params(struct image_tool_params *params)
676 * If a key directory was provided, look for key files there.
677 * Otherwise, look for them in the current directory. The key files are
678 * the "quoted" terms in the description below.
680 * A summary of the chain of trust on most SoCs:
681 * 1) eFuse contains a SHA256 digest of the public "root key".
682 * 2) Private "root key" signs the certificate item (generated here).
683 * 3) Certificate item contains a SHA256 digest of the firmware item.
685 * A summary of the chain of trust on the H6 (by default; a bit in the
686 * BROM_CONFIG eFuse makes it work like above):
687 * 1) eFuse contains a SHA256 digest of the public "root key".
688 * 2) Private "root key" signs the "key item" (generated here).
689 * 3) "Key item" contains the public "root key" and public "fw key".
690 * 4) Private "fw key" signs the certificate item (generated here).
691 * 5) Certificate item contains a SHA256 digest of the firmware item.
693 * This means there are three valid ways to generate a TOC0:
694 * 1) Provide the private "root key" only. This works everywhere.
695 * For H6, the "root key" will also be used as the "fw key".
696 * 2) FOR H6 ONLY: Provide the private "root key" and a separate
698 * 3) FOR H6 ONLY: Provide the private "fw key" and a pre-existing
699 * "key item" containing the corresponding public "fw key".
700 * In this case, the private "root key" can be kept offline. The
701 * "key item" can be extracted from a TOC0 image generated using
704 * Note that until the ROTPK_HASH eFuse is programmed, any "root key"
705 * will be accepted by the BROM.
707 if (params->keydir) {
708 if (asprintf(&fw_key_file, "%s/%s", params->keydir, fw_key_file) < 0)
710 if (asprintf(&key_item_file, "%s/%s", params->keydir, key_item_file) < 0)
712 if (asprintf(&root_key_file, "%s/%s", params->keydir, root_key_file) < 0)
719 static int toc0_verify_header(unsigned char *buf, int image_size,
720 struct image_tool_params *params)
722 int ret = EXIT_FAILURE;
723 RSA *root_key = NULL;
726 /* A root public key is optional. */
727 fp = fopen(root_key_file, "rb");
729 pr_info("Verifying image with existing root key\n");
730 root_key = PEM_read_RSAPrivateKey(fp, NULL, NULL, NULL);
732 root_key = PEM_read_RSAPublicKey(fp, NULL, NULL, NULL);
735 pr_err("Failed to read public key from '%s'\n",
741 ret = toc0_verify(buf, image_size, root_key);
749 static const char *toc0_item_name(uint32_t name)
751 if (name == TOC0_ITEM_INFO_NAME_CERT)
752 return "Certificate";
753 if (name == TOC0_ITEM_INFO_NAME_FIRMWARE)
755 if (name == TOC0_ITEM_INFO_NAME_KEY)
760 static void toc0_print_header(const void *buf)
762 const struct toc0_main_info *main_info = buf;
763 const struct toc0_item_info *item_info = (void *)(main_info + 1);
764 uint32_t head_length, main_length, num_items;
765 uint32_t item_offset, item_length, item_name;
769 num_items = le32_to_cpu(main_info->num_items);
770 head_length = sizeof(*main_info) + num_items * sizeof(*item_info);
771 main_length = le32_to_cpu(main_info->length);
773 printf("Allwinner TOC0 Image\n"
775 "Contents: %d items\n"
776 " 00000000:%08x Headers\n",
777 main_length, num_items, head_length);
779 for (i = 0; i < num_items; ++i, ++item_info) {
780 item_offset = le32_to_cpu(item_info->offset);
781 item_length = le32_to_cpu(item_info->length);
782 item_name = le32_to_cpu(item_info->name);
784 if (item_name == TOC0_ITEM_INFO_NAME_FIRMWARE)
785 load_addr = le32_to_cpu(item_info->load_addr);
787 printf(" %08x:%08x %s\n",
788 item_offset, item_length,
789 toc0_item_name(item_name));
792 if (num_items && item_offset + item_length < main_length) {
793 item_offset = item_offset + item_length;
794 item_length = main_length - item_offset;
796 printf(" %08x:%08x Padding\n",
797 item_offset, item_length);
801 printf("Load address: 0x%08x\n", load_addr);
804 static void toc0_set_header(void *buf, struct stat *sbuf, int ifd,
805 struct image_tool_params *params)
807 uint32_t key_item_len = 0;
808 uint8_t *key_item = NULL;
809 int ret = EXIT_FAILURE;
810 RSA *root_key = NULL;
814 /* Either a key item or the root private key is required. */
815 fp = fopen(key_item_file, "rb");
817 pr_info("Creating image using existing key item\n");
818 key_item_len = sizeof(struct toc0_key_item);
819 key_item = OPENSSL_malloc(key_item_len);
820 if (!key_item || fread(key_item, key_item_len, 1, fp) != 1) {
821 pr_err("Failed to read key item from '%s'\n",
829 fp = fopen(root_key_file, "rb");
831 root_key = PEM_read_RSAPrivateKey(fp, NULL, NULL, NULL);
833 root_key = PEM_read_RSAPublicKey(fp, NULL, NULL, NULL);
838 /* When using an existing key item, the root key is optional. */
839 if (!key_item && (!root_key || !RSA_get0_d(root_key))) {
840 pr_err("Failed to read private key from '%s'\n",
842 pr_info("Try 'openssl genrsa -out root_key.pem'\n");
846 /* The certificate/firmware private key is always required. */
847 fp = fopen(fw_key_file, "rb");
849 fw_key = PEM_read_RSAPrivateKey(fp, NULL, NULL, NULL);
854 /* If the root key is a private key, it can be used instead. */
855 if (root_key && RSA_get0_d(root_key)) {
856 pr_info("Using root key as firmware key\n");
859 pr_err("Failed to read private key from '%s'\n",
865 /* Warn about potential compatibility issues. */
866 if (key_item || fw_key != root_key)
867 pr_warn("Only H6 supports separate root and firmware keys\n");
869 ret = toc0_create(buf, params->file_size, root_key, fw_key,
870 key_item, key_item_len,
871 buf + TOC0_DEFAULT_HEADER_LEN,
872 params->orig_file_size, params->addr);
875 OPENSSL_free(key_item);
876 OPENSSL_free(root_key);
877 if (fw_key != root_key)
878 OPENSSL_free(fw_key);
882 if (ret != EXIT_SUCCESS)
886 static int toc0_check_image_type(uint8_t type)
888 return type == IH_TYPE_SUNXI_TOC0 ? 0 : 1;
891 static int toc0_vrec_header(struct image_tool_params *params,
892 struct image_type_params *tparams)
894 tparams->hdr = calloc(tparams->header_size, 1);
896 /* Save off the unpadded data size for SHA256 calculation. */
897 params->orig_file_size = params->file_size - TOC0_DEFAULT_HEADER_LEN;
899 /* Return padding to 8K blocks. */
900 return ALIGN(params->file_size, PAD_SIZE) - params->file_size;
905 "Allwinner TOC0 Boot Image support",
906 TOC0_DEFAULT_HEADER_LEN,
913 toc0_check_image_type,