#ifdef USE_HOSTCC
#include <sys/types.h>
+#include <linux/kconfig.h>
-/* new uImage format support enabled on host */
-#define IMAGE_ENABLE_FIT 1
-#define IMAGE_ENABLE_OF_LIBFDT 1
-#define CONFIG_FIT_VERBOSE 1 /* enable fit_format_{error,warning}() */
-#define CONFIG_FIT_RSASSA_PSS 1
-#define CONFIG_FIT_SHA256
-#define CONFIG_FIT_SHA384
-#define CONFIG_FIT_SHA512
-#define CONFIG_SHA1
-#define CONFIG_SHA256
-#define CONFIG_SHA384
-#define CONFIG_SHA512
-
-#define IMAGE_ENABLE_IGNORE 0
#define IMAGE_INDENT_STRING ""
#else
#include <command.h>
#include <linker_lists.h>
-/* Take notice of the 'ignore' property for hashes */
-#define IMAGE_ENABLE_IGNORE 1
#define IMAGE_INDENT_STRING " "
-#define IMAGE_ENABLE_FIT CONFIG_IS_ENABLED(FIT)
-#define IMAGE_ENABLE_OF_LIBFDT CONFIG_IS_ENABLED(OF_LIBFDT)
-
#endif /* USE_HOSTCC */
-#if IMAGE_ENABLE_FIT
#include <hash.h>
#include <linux/libfdt.h>
#include <fdt_support.h>
-# ifdef CONFIG_SPL_BUILD
-# ifdef CONFIG_SPL_CRC32
-# define IMAGE_ENABLE_CRC32 1
-# endif
-# ifdef CONFIG_SPL_MD5
-# define IMAGE_ENABLE_MD5 1
-# endif
-# else
-# define IMAGE_ENABLE_CRC32 1
-# define IMAGE_ENABLE_MD5 1
-# endif
-
-#ifndef IMAGE_ENABLE_CRC32
-#define IMAGE_ENABLE_CRC32 0
-#endif
-
-#ifndef IMAGE_ENABLE_MD5
-#define IMAGE_ENABLE_MD5 0
-#endif
-
-#endif /* IMAGE_ENABLE_FIT */
-
-#ifdef CONFIG_SYS_BOOT_GET_CMDLINE
-# define IMAGE_BOOT_GET_CMDLINE 1
-#else
-# define IMAGE_BOOT_GET_CMDLINE 0
-#endif
-
-#ifdef CONFIG_OF_BOARD_SETUP
-# define IMAGE_OF_BOARD_SETUP 1
-#else
-# define IMAGE_OF_BOARD_SETUP 0
-#endif
-
-#ifdef CONFIG_OF_SYSTEM_SETUP
-# define IMAGE_OF_SYSTEM_SETUP 1
-#else
-# define IMAGE_OF_SYSTEM_SETUP 0
-#endif
+#include <u-boot/hash-checksum.h>
extern ulong image_load_addr; /* Default Load Address */
extern ulong image_save_addr; /* Default Save Address */
image_header_t legacy_hdr_os_copy; /* header copy */
ulong legacy_hdr_valid;
-#if IMAGE_ENABLE_FIT
+ /*
+ * The fit_ members are only used with FIT, but it involves a lot of
+ * #ifdefs to avoid compiling that code. Since FIT is the standard
+ * format, even for SPL, this extra data size seems worth it.
+ */
const char *fit_uname_cfg; /* configuration node unit name */
void *fit_hdr_os; /* os FIT image header */
void *fit_hdr_setup; /* x86 setup FIT image header */
const char *fit_uname_setup; /* x86 setup subimage node name */
int fit_noffset_setup;/* x86 setup subimage node offset */
-#endif
#ifndef USE_HOSTCC
image_info_t os; /* os image info */
* genimg_get_os_short_name() - get the short name for an OS
*
* @param os OS (IH_OS_...)
- * @return OS short name, or "unknown" if unknown
+ * Return: OS short name, or "unknown" if unknown
*/
const char *genimg_get_os_short_name(uint8_t comp);
* genimg_get_arch_short_name() - get the short name for an architecture
*
* @param arch Architecture type (IH_ARCH_...)
- * @return architecture short name, or "unknown" if unknown
+ * Return: architecture short name, or "unknown" if unknown
*/
const char *genimg_get_arch_short_name(uint8_t arch);
* genimg_get_type_short_name() - get the short name for an image type
*
* @param type Image type (IH_TYPE_...)
- * @return image short name, or "unknown" if unknown
+ * Return: image short name, or "unknown" if unknown
*/
const char *genimg_get_type_short_name(uint8_t type);
* genimg_get_comp_short_name() - get the short name for a compression method
*
* @param comp compression method (IH_COMP_...)
- * @return compression method short name, or "unknown" if unknown
+ * Return: compression method short name, or "unknown" if unknown
*/
const char *genimg_get_comp_short_name(uint8_t comp);
*
* @category: Category of item
* @id: Item ID
- * @return name of item, or "Unknown ..." if unknown
+ * Return: name of item, or "Unknown ..." if unknown
*/
const char *genimg_get_cat_name(enum ih_category category, uint id);
*
* @category: Category of item
* @id: Item ID
- * @return short name of item, or "Unknown ..." if unknown
+ * Return: short name of item, or "Unknown ..." if unknown
*/
const char *genimg_get_cat_short_name(enum ih_category category, uint id);
* genimg_get_cat_count() - Get the number of items in a category
*
* @category: Category to check
- * @return the number of items in the category (IH_xxx_COUNT)
+ * Return: the number of items in the category (IH_xxx_COUNT)
*/
int genimg_get_cat_count(enum ih_category category);
* genimg_get_cat_desc() - Get the description of a category
*
* @category: Category to check
- * @return the description of a category, e.g. "architecture". This
+ * Return: the description of a category, e.g. "architecture". This
* effectively converts the enum to a string.
*/
const char *genimg_get_cat_desc(enum ih_category category);
*
* @category: Category to check
* @id: Item ID
- * @return true or false as to whether a category has an item
+ * Return: true or false as to whether a category has an item
*/
bool genimg_cat_has_id(enum ih_category category, uint id);
int genimg_get_comp_id(const char *name);
void genimg_print_size(uint32_t size);
-#if defined(CONFIG_TIMESTAMP) || defined(CONFIG_CMD_DATE) || \
- defined(USE_HOSTCC)
+#if defined(CONFIG_TIMESTAMP) || defined(CONFIG_CMD_DATE) || defined(USE_HOSTCC)
#define IMAGE_ENABLE_TIMESTAMP 1
#else
#define IMAGE_ENABLE_TIMESTAMP 0
int boot_get_setup(bootm_headers_t *images, uint8_t arch, ulong *setup_start,
ulong *setup_len);
-#ifndef USE_HOSTCC
/* Image format types, returned by _get_format() routine */
#define IMAGE_FORMAT_INVALID 0x00
-#if defined(CONFIG_LEGACY_IMAGE_FORMAT)
#define IMAGE_FORMAT_LEGACY 0x01 /* legacy image_header based format */
-#endif
#define IMAGE_FORMAT_FIT 0x02 /* new, libfdt based format */
#define IMAGE_FORMAT_ANDROID 0x03 /* Android boot image */
*/
int boot_get_loadable(int argc, char *const argv[], bootm_headers_t *images,
uint8_t arch, const ulong *ld_start, ulong *const ld_len);
-#endif /* !USE_HOSTCC */
int boot_get_setup_fit(bootm_headers_t *images, uint8_t arch,
ulong *setup_start, ulong *setup_len);
* @param datap Returns address of loaded image
* @param lenp Returns length of loaded image
*
- * @return node offset of base image, or -ve error code on error
+ * Return: node offset of base image, or -ve error code on error
*/
int boot_get_fdt_fit(bootm_headers_t *images, ulong addr,
const char **fit_unamep, const char **fit_uname_configp,
* @param load_op Decribes what to do with the load address
* @param datap Returns address of loaded image
* @param lenp Returns length of loaded image
- * @return node offset of image, or -ve error code on error
+ * Return: node offset of image, or -ve error code on error
*/
int fit_image_load(bootm_headers_t *images, ulong addr,
const char **fit_unamep, const char **fit_uname_configp,
*
* @addr: Address of script
* @fit_uname: FIT subimage name
- * @return result code (enum command_ret_t)
+ * Return: result code (enum command_ret_t)
*/
int image_source_script(ulong addr, const char *fit_uname);
-#ifndef USE_HOSTCC
/**
* fit_get_node_from_config() - Look up an image a FIT by type
*
int boot_ramdisk_high(struct lmb *lmb, ulong rd_data, ulong rd_len,
ulong *initrd_start, ulong *initrd_end);
int boot_get_cmdline(struct lmb *lmb, ulong *cmd_start, ulong *cmd_end);
-#ifdef CONFIG_SYS_BOOT_GET_KBD
int boot_get_kbd(struct lmb *lmb, struct bd_info **kbd);
-#endif /* CONFIG_SYS_BOOT_GET_KBD */
-#endif /* !USE_HOSTCC */
/*******************************************************************/
/* Legacy format specific code (prefixed with image_) */
}
static inline int image_check_arch(const image_header_t *hdr, uint8_t arch)
{
-#ifndef USE_HOSTCC
/* Let's assume that sandbox can load any architecture */
- if (IS_ENABLED(CONFIG_SANDBOX))
+ if (!tools_build() && IS_ENABLED(CONFIG_SANDBOX))
return true;
-#endif
return (image_get_arch(hdr) == arch) ||
(image_get_arch(hdr) == IH_ARCH_ARM && arch == IH_ARCH_ARM64);
}
*
* @buf: Address in U-Boot memory where image is loaded.
* @len: Length of the compressed image.
- * @return compression type or IH_COMP_NONE if not compressed.
+ * Return: compression type or IH_COMP_NONE if not compressed.
*
* Note: Only following compression types are supported now.
* lzo, lzma, gzip, bzip2
* @image_buf: Address to decompress from
* @image_len: Number of bytes in @image_buf to decompress
* @unc_len: Available space for decompression
- * @return 0 if OK, -ve on error (BOOTM_ERR_...)
+ * Return: 0 if OK, -ve on error (BOOTM_ERR_...)
*/
int image_decomp(int comp, ulong load, ulong image_start, int type,
void *load_buf, void *image_buf, ulong image_len,
* @blob: FDT to update
* @of_size: Size of the FDT
* @lmb: Points to logical memory block structure
- * @return 0 if ok, <0 on failure
+ * Return: 0 if ok, <0 on failure
*/
int image_setup_libfdt(bootm_headers_t *images, void *blob,
int of_size, struct lmb *lmb);
* paramters to the FDT if libfdt is available.
*
* @param images Images information
- * @return 0 if ok, <0 on failure
+ * Return: 0 if ok, <0 on failure
*/
int image_setup_linux(bootm_headers_t *images);
* @image: Address of image
* @start: Returns start address of image
* @end : Returns end address of image
- * @return 0 if OK, 1 if the image was not recognised
+ * Return: 0 if OK, 1 if the image was not recognised
*/
int bootz_setup(ulong image, ulong *start, ulong *end);
* @start: Returns start address of image
* @size : Returns size image
* @force_reloc: Ignore image->ep field, always place image to RAM start
- * @return 0 if OK, 1 if the image was not recognised
+ * Return: 0 if OK, 1 if the image was not recognised
*/
int booti_setup(ulong image, ulong *relocated_addr, ulong *size,
bool force_reloc);
#define FIT_MAX_HASH_LEN HASH_MAX_DIGEST_SIZE
-#if IMAGE_ENABLE_FIT
/* cmdline argument format parsing */
int fit_parse_conf(const char *spec, ulong addr_curr,
ulong *addr, const char **conf_name);
int fit_image_get_data_and_size(const void *fit, int noffset,
const void **data, size_t *size);
-int fit_image_hash_get_algo(const void *fit, int noffset, char **algo);
+int fit_image_hash_get_algo(const void *fit, int noffset, const char **algo);
int fit_image_hash_get_value(const void *fit, int noffset, uint8_t **value,
int *value_len);
const char *comment, int require_keys,
const char *engine_id, const char *cmdname);
+#define NODE_MAX_NAME_LEN 80
+
+/**
+ * struct image_summary - Provides information about signing info added
+ *
+ * @sig_offset: Offset of the node in the blob devicetree where the signature
+ * was wriiten
+ * @sig_path: Path to @sig_offset
+ * @keydest_offset: Offset of the node in the keydest devicetree where the
+ * public key was written (-1 if none)
+ * @keydest_path: Path to @keydest_offset
+ */
+struct image_summary {
+ int sig_offset;
+ char sig_path[NODE_MAX_NAME_LEN];
+ int keydest_offset;
+ char keydest_path[NODE_MAX_NAME_LEN];
+};
+
/**
* fit_add_verification_data() - add verification data to FIT image nodes
*
* @keydir: Directory containing keys
- * @kwydest: FDT blob to write public key information to
+ * @kwydest: FDT blob to write public key information to (NULL if none)
* @fit: Pointer to the FIT format image header
* @comment: Comment to add to signature nodes
* @require_keys: Mark all keys as 'required'
* @engine_id: Engine to use for signing
* @cmdname: Command name used when reporting errors
+ * @algo_name: Algorithm name, or NULL if to be read from FIT
+ * @summary: Returns information about what data was written
*
* Adds hash values for all component images in the FIT blob.
* Hashes are calculated for all component images which have hash subnodes
int fit_add_verification_data(const char *keydir, const char *keyfile,
void *keydest, void *fit, const char *comment,
int require_keys, const char *engine_id,
- const char *cmdname);
+ const char *cmdname, const char *algo_name,
+ struct image_summary *summary);
+/**
+ * fit_image_verify_with_data() - Verify an image with given data
+ *
+ * @fit: Pointer to the FIT format image header
+ * @image_offset: Offset in @fit of image to verify
+ * @key_blob: FDT containing public keys
+ * @data: Image data to verify
+ * @size: Size of image data
+ */
int fit_image_verify_with_data(const void *fit, int image_noffset,
- const void *data, size_t size);
+ const void *key_blob, const void *data,
+ size_t size);
+
int fit_image_verify(const void *fit, int noffset);
int fit_config_verify(const void *fit, int conf_noffset);
int fit_all_image_verify(const void *fit);
* sure that there are no strange tags or broken nodes in the FIT.
*
* @fit: pointer to the FIT format image header
- * @return 0 if OK, -ENOEXEC if not an FDT file, -EINVAL if the full FDT check
+ * Return: 0 if OK, -ENOEXEC if not an FDT file, -EINVAL if the full FDT check
* failed (e.g. due to bad structure), -ENOMSG if the description is
* missing, -EBADMSG if the timestamp is missing, -ENOENT if the /images
* path is missing
int fit_check_ramdisk(const void *fit, int os_noffset,
uint8_t arch, int verify);
-#endif /* IMAGE_ENABLE_FIT */
int calculate_hash(const void *data, int data_len, const char *algo,
uint8_t *value, int *value_len);
# define FIT_IMAGE_ENABLE_VERIFY CONFIG_IS_ENABLED(FIT_SIGNATURE)
#endif
-#if IMAGE_ENABLE_FIT
#ifdef USE_HOSTCC
void *image_get_host_blob(void);
void image_set_host_blob(void *host_blob);
# define gd_fdt_blob() (gd->fdt_blob)
#endif
-#endif /* IMAGE_ENABLE_FIT */
-
/*
* Information passed to the signing routines
*
const char *keydir; /* Directory conaining keys */
const char *keyname; /* Name of key to use */
const char *keyfile; /* Filename of private or public key */
- void *fit; /* Pointer to FIT blob */
+ const void *fit; /* Pointer to FIT blob */
int node_offset; /* Offset of signature node */
const char *name; /* Algorithm name */
struct checksum_algo *checksum; /* Checksum algorithm information */
int size;
};
-#if FIT_IMAGE_ENABLE_VERIFY
-# include <u-boot/hash-checksum.h>
-#endif
struct checksum_algo {
const char *name;
const int checksum_len;
const EVP_MD *(*calculate_sign)(void);
#endif
int (*calculate)(const char *name,
- const struct image_region region[],
+ const struct image_region *region,
int region_count, uint8_t *checksum);
};
*
* @info: Specifies key and FIT information
* @keydest: Destination FDT blob for public key data
- * @return: 0, on success, -ve on error
+ * @return: node offset within the FDT blob where the data was written,
+ * or -ve on error
*/
int (*add_verify_data)(struct image_sign_info *info, void *keydest);
const uint8_t *hash, int hash_len);
};
+/* Declare a new U-Boot padding algorithm handler */
+#define U_BOOT_PADDING_ALGO(__name) \
+ll_entry_declare(struct padding_algo, __name, paddings)
+
/**
* image_get_checksum_algo() - Look up a checksum algorithm
*
* @param full_name Name of algorithm in the form "checksum,crypto"
- * @return pointer to algorithm information, or NULL if not found
+ * Return: pointer to algorithm information, or NULL if not found
*/
struct checksum_algo *image_get_checksum_algo(const char *full_name);
* image_get_crypto_algo() - Look up a cryptosystem algorithm
*
* @param full_name Name of algorithm in the form "checksum,crypto"
- * @return pointer to algorithm information, or NULL if not found
+ * Return: pointer to algorithm information, or NULL if not found
*/
struct crypto_algo *image_get_crypto_algo(const char *full_name);
* image_get_padding_algo() - Look up a padding algorithm
*
* @param name Name of padding algorithm
- * @return pointer to algorithm information, or NULL if not found
+ * Return: pointer to algorithm information, or NULL if not found
*/
struct padding_algo *image_get_padding_algo(const char *name);
-#if IMAGE_ENABLE_FIT
-
/**
* fit_image_verify_required_sigs() - Verify signatures marked as 'required'
*
* @image_noffset: Offset of image node to check
* @data: Image data to check
* @size: Size of image data
- * @sig_blob: FDT containing public keys
+ * @key_blob: FDT containing public keys
* @no_sigsp: Returns 1 if no signatures were required, and
* therefore nothing was checked. The caller may wish
* to fall back to other mechanisms, or refuse to
* boot.
- * @return 0 if all verified ok, <0 on error
+ * Return: 0 if all verified ok, <0 on error
*/
int fit_image_verify_required_sigs(const void *fit, int image_noffset,
- const char *data, size_t size, const void *sig_blob,
+ const char *data, size_t size, const void *key_blob,
int *no_sigsp);
/**
* @noffset: Offset of signature node to check
* @data: Image data to check
* @size: Size of image data
- * @required_keynode: Offset in the control FDT of the required key node,
+ * @keyblob: Key blob to check (typically the control FDT)
+ * @required_keynode: Offset in the keyblob of the required key node,
* if any. If this is given, then the image wil not
* pass verification unless that key is used. If this is
* -1 then any signature will do.
* @err_msgp: In the event of an error, this will be pointed to a
* help error string to display to the user.
- * @return 0 if all verified ok, <0 on error
+ * Return: 0 if all verified ok, <0 on error
*/
int fit_image_check_sig(const void *fit, int noffset, const void *data,
- size_t size, int required_keynode, char **err_msgp);
+ size_t size, const void *key_blob, int required_keynode,
+ char **err_msgp);
int fit_image_decrypt_data(const void *fit,
int image_noffset, int cipher_noffset,
* @fdt_regions: Regions as returned by libfdt
* @count: Number of regions returned by libfdt
* @region: Place to put list of regions (NULL to allocate it)
- * @return pointer to list of regions, or NULL if out of memory
+ * Return: pointer to list of regions, or NULL if out of memory
*/
struct image_region *fit_region_make_list(const void *fit,
struct fdt_region *fdt_regions, int count,
struct cipher_algo *image_get_cipher_algo(const char *full_name);
-#ifdef CONFIG_FIT_VERBOSE
-#define fit_unsupported(msg) printf("! %s:%d " \
- "FIT images not supported for '%s'\n", \
- __FILE__, __LINE__, (msg))
-
-#define fit_unsupported_reset(msg) printf("! %s:%d " \
- "FIT images not supported for '%s' " \
- "- must reset board to recover!\n", \
- __FILE__, __LINE__, (msg))
-#else
-#define fit_unsupported(msg)
-#define fit_unsupported_reset(msg)
-#endif /* CONFIG_FIT_VERBOSE */
-#endif /* CONFIG_FIT */
-
-#if !defined(USE_HOSTCC)
-#if defined(CONFIG_ANDROID_BOOT_IMAGE)
struct andr_img_hdr;
int android_image_check_header(const struct andr_img_hdr *hdr);
int android_image_get_kernel(const struct andr_img_hdr *hdr, int verify,
ulong android_image_get_kload(const struct andr_img_hdr *hdr);
ulong android_image_get_kcomp(const struct andr_img_hdr *hdr);
void android_print_contents(const struct andr_img_hdr *hdr);
-#if !defined(CONFIG_SPL_BUILD)
bool android_image_print_dtb_contents(ulong hdr_addr);
-#endif
-
-#endif /* CONFIG_ANDROID_BOOT_IMAGE */
-#endif /* !USE_HOSTCC */
/**
* board_fit_config_name_match() - Check for a matching board name
* in each (FDT) image node.
*
* @name: Device tree description
- * @return 0 if this device tree should be used, non-zero to try the next
+ * Return: 0 if this device tree should be used, non-zero to try the next
*/
int board_fit_config_name_match(const char *name);
* @node: offset of image node
* @image: pointer to the image start pointer
* @size: pointer to the image size
- * @return no return value (failure should be handled internally)
+ * Return: no return value (failure should be handled internally)
*/
void board_fit_image_post_process(const void *fit, int node, void **p_image,
size_t *p_size);
* the node described by the default configuration if it exists.
*
* @fdt: pointer to flat device tree
- * @return the node if found, -ve otherwise
+ * Return: the node if found, -ve otherwise
*/
int fit_find_config_node(const void *fdt);