#define IMAGE_ENABLE_FIT 1
#define IMAGE_ENABLE_OF_LIBFDT 1
#define CONFIG_FIT_VERBOSE 1 /* enable fit_format_{error,warning}() */
-#define CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT 1
-#define CONFIG_FIT_ENABLE_SHA256_SUPPORT
+#define CONFIG_FIT_RSASSA_PSS 1
+#define CONFIG_FIT_SHA256
+#define CONFIG_FIT_SHA384
+#define CONFIG_FIT_SHA512
#define CONFIG_SHA1
#define CONFIG_SHA256
+#define CONFIG_SHA384
+#define CONFIG_SHA512
#define IMAGE_ENABLE_IGNORE 0
#define IMAGE_INDENT_STRING ""
# ifdef CONFIG_SPL_MD5_SUPPORT
# define IMAGE_ENABLE_MD5 1
# endif
-# ifdef CONFIG_SPL_SHA1_SUPPORT
+# ifdef CONFIG_SPL_FIT_SHA1
# define IMAGE_ENABLE_SHA1 1
# endif
# else
#define IMAGE_ENABLE_SHA1 0
#endif
-#if defined(CONFIG_FIT_ENABLE_SHA256_SUPPORT) || \
- defined(CONFIG_SPL_SHA256_SUPPORT)
+#if defined(CONFIG_FIT_SHA256) || \
+ defined(CONFIG_SPL_FIT_SHA256)
#define IMAGE_ENABLE_SHA256 1
#else
#define IMAGE_ENABLE_SHA256 0
#endif
+#if defined(CONFIG_FIT_SHA384) || \
+ defined(CONFIG_SPL_FIT_SHA384)
+#define IMAGE_ENABLE_SHA384 1
+#else
+#define IMAGE_ENABLE_SHA384 0
+#endif
+
+#if defined(CONFIG_FIT_SHA512) || \
+ defined(CONFIG_SPL_FIT_SHA512)
+#define IMAGE_ENABLE_SHA512 1
+#else
+#define IMAGE_ENABLE_SHA512 0
+#endif
+
#endif /* IMAGE_ENABLE_FIT */
#ifdef CONFIG_SYS_BOOT_GET_CMDLINE
extern ulong image_save_addr; /* Default Save Address */
extern ulong image_save_size; /* Default Save Size */
+/* An invalid size, meaning that the image size is not known */
+#define IMAGE_SIZE_INVAL (-1UL)
+
enum ih_category {
IH_ARCH,
IH_COMP,
IH_TYPE_IMX8MIMAGE, /* Freescale IMX8MBoot Image */
IH_TYPE_IMX8IMAGE, /* Freescale IMX8Boot Image */
IH_TYPE_COPRO, /* Coprocessor Image for remoteproc*/
+ IH_TYPE_SUNXI_EGON, /* Allwinner eGON Boot Image */
IH_TYPE_COUNT, /* Number of image types */
};
IH_COMP_LZMA, /* lzma Compression Used */
IH_COMP_LZO, /* lzo Compression Used */
IH_COMP_LZ4, /* lz4 Compression Used */
+ IH_COMP_ZSTD, /* zstd Compression Used */
IH_COMP_COUNT,
};
ulong initrd_end;
ulong cmdline_start;
ulong cmdline_end;
- bd_t *kbd;
+ struct bd_info *kbd;
#endif
int verify; /* env_get("verify")[0] != 'n' */
#define BOOTM_STATE_OS_GO (0x00000400)
int state;
-#ifdef CONFIG_LMB
+#if defined(CONFIG_LMB) && !defined(USE_HOSTCC)
struct lmb lmb; /* for memory mgmt */
#endif
} bootm_headers_t;
} table_entry_t;
/*
+ * Compression type and magic number mapping table.
+ */
+struct comp_magic_map {
+ int comp_id;
+ const char *name;
+ unsigned char magic[2];
+};
+
+/*
* get_table_entry_id() scans the translation table trying to find an
* entry that matches the given short name. If a matching entry is
* found, it's id is returned to the caller.
/**
* genimg_get_cat_desc() - Get the description of a category
*
+ * @category: Category to check
* @return the description of a category, e.g. "architecture". This
* effectively converts the enum to a string.
*/
const char *genimg_get_cat_desc(enum ih_category category);
+/**
+ * genimg_cat_has_id() - Check whether a category has an item
+ *
+ * @category: Category to check
+ * @id: Item ID
+ * @return true or false as to whether a category has an item
+ */
+bool genimg_cat_has_id(enum ih_category category, uint id);
+
int genimg_get_os_id(const char *name);
int genimg_get_arch_id(const char *name);
int genimg_get_type_id(const char *name);
int genimg_get_format(const void *img_addr);
int genimg_has_config(bootm_headers_t *images);
-int boot_get_fpga(int argc, char * const argv[], bootm_headers_t *images,
- uint8_t arch, const ulong *ld_start, ulong * const ld_len);
-int boot_get_ramdisk(int argc, char * const argv[], bootm_headers_t *images,
- uint8_t arch, ulong *rd_start, ulong *rd_end);
+int boot_get_fpga(int argc, char *const argv[], bootm_headers_t *images,
+ uint8_t arch, const ulong *ld_start, ulong * const ld_len);
+int boot_get_ramdisk(int argc, char *const argv[], bootm_headers_t *images,
+ uint8_t arch, ulong *rd_start, ulong *rd_end);
/**
* boot_get_loadable - routine to load a list of binaries to memory
* 0, if only valid images or no images are found
* error code, if an error occurs during fit_image_load
*/
-int boot_get_loadable(int argc, char * const argv[], bootm_headers_t *images,
- uint8_t arch, const ulong *ld_start, ulong * const ld_len);
+int boot_get_loadable(int argc, char *const argv[], bootm_headers_t *images,
+ uint8_t arch, const ulong *ld_start, ulong *const ld_len);
#endif /* !USE_HOSTCC */
int boot_get_setup_fit(bootm_headers_t *images, uint8_t arch,
int fit_get_node_from_config(bootm_headers_t *images, const char *prop_name,
ulong addr);
-int boot_get_fdt(int flag, int argc, char * const argv[], uint8_t arch,
+int boot_get_fdt(int flag, int argc, char *const argv[], uint8_t arch,
bootm_headers_t *images,
char **of_flat_tree, ulong *of_size);
void boot_fdt_add_mem_rsv_regions(struct lmb *lmb, void *fdt_blob);
ulong *initrd_start, ulong *initrd_end);
int boot_get_cmdline(struct lmb *lmb, ulong *cmd_start, ulong *cmd_end);
#ifdef CONFIG_SYS_BOOT_GET_KBD
-int boot_get_kbd(struct lmb *lmb, bd_t **kbd);
+int boot_get_kbd(struct lmb *lmb, struct bd_info **kbd);
#endif /* CONFIG_SYS_BOOT_GET_KBD */
#endif /* !USE_HOSTCC */
}
static inline int image_check_arch(const image_header_t *hdr, uint8_t arch)
{
+#ifndef USE_HOSTCC
+ /* Let's assume that sandbox can load any architecture */
+ if (IS_ENABLED(CONFIG_SANDBOX))
+ return true;
+#endif
return (image_get_arch(hdr) == arch) ||
(image_get_arch(hdr) == IH_ARCH_ARM && arch == IH_ARCH_ARM64);
}
#endif /* USE_HOSTCC */
/**
+ * image_decomp_type() - Find out compression type of an image
+ *
+ * @buf: Address in U-Boot memory where image is loaded.
+ * @len: Length of the compressed image.
+ * @return compression type or IH_COMP_NONE if not compressed.
+ *
+ * Note: Only following compression types are supported now.
+ * lzo, lzma, gzip, bzip2
+ */
+int image_decomp_type(const unsigned char *buf, ulong len);
+
+/**
* image_decomp() - decompress an image
*
* @comp: Compression algorithm that is used (IH_COMP_...)
* 0, on success
* libfdt error code, on failure
*/
-int fit_add_verification_data(const char *keydir, void *keydest, void *fit,
- const char *comment, int require_keys,
- const char *engine_id, const char *cmdname);
+int fit_add_verification_data(const char *keydir, const char *keyfile,
+ void *keydest, void *fit, const char *comment,
+ int require_keys, const char *engine_id,
+ const char *cmdname);
int fit_image_verify_with_data(const void *fit, int image_noffset,
const void *data, size_t size);
int fit_image_check_arch(const void *fit, int noffset, uint8_t arch);
int fit_image_check_type(const void *fit, int noffset, uint8_t type);
int fit_image_check_comp(const void *fit, int noffset, uint8_t comp);
-int fit_check_format(const void *fit);
+
+/**
+ * fit_check_format() - Check that the FIT is valid
+ *
+ * This performs various checks on the FIT to make sure it is suitable for
+ * use, looking for mandatory properties, nodes, etc.
+ *
+ * If FIT_FULL_CHECK is enabled, it also runs it through libfdt to make
+ * sure that there are no strange tags or broken nodes in the FIT.
+ *
+ * @fit: pointer to the FIT format image header
+ * @return 0 if OK, -ENOEXEC if not an FDT file, -EINVAL if the full FDT check
+ * failed (e.g. due to bad structure), -ENOMSG if the description is
+ * missing, -EBADMSG if the timestamp is missing, -ENOENT if the /images
+ * path is missing
+ */
+int fit_check_format(const void *fit, ulong size);
int fit_conf_find_compat(const void *fit, const void *fdt);
# if defined(CONFIG_FIT_SIGNATURE)
# define IMAGE_ENABLE_SIGN 1
# define IMAGE_ENABLE_VERIFY 1
+# define IMAGE_ENABLE_VERIFY_ECDSA 1
# define FIT_IMAGE_ENABLE_VERIFY 1
# include <openssl/evp.h>
# else
# define IMAGE_ENABLE_SIGN 0
# define IMAGE_ENABLE_VERIFY 0
+# define IMAGE_ENABLE_VERIFY_ECDSA 0
# define FIT_IMAGE_ENABLE_VERIFY 0
# endif
#else
# define IMAGE_ENABLE_SIGN 0
# define IMAGE_ENABLE_VERIFY CONFIG_IS_ENABLED(RSA_VERIFY)
+# define IMAGE_ENABLE_VERIFY_ECDSA 0
# define FIT_IMAGE_ENABLE_VERIFY CONFIG_IS_ENABLED(FIT_SIGNATURE)
#endif
#endif
#endif /* IMAGE_ENABLE_FIT */
-/* Information passed to the signing routines */
+/*
+ * Information passed to the signing routines
+ *
+ * Either 'keydir', 'keyname', or 'keyfile' can be NULL. However, either
+ * 'keyfile', or both 'keydir' and 'keyname' should have valid values. If
+ * neither are valid, some operations might fail with EINVAL.
+ */
struct image_sign_info {
const char *keydir; /* Directory conaining keys */
const char *keyname; /* Name of key to use */
+ const char *keyfile; /* Filename of private or public key */
void *fit; /* Pointer to FIT blob */
int node_offset; /* Offset of signature node */
const char *name; /* Algorithm name */
};
#if IMAGE_ENABLE_VERIFY
-# include <u-boot/rsa-checksum.h>
+# include <u-boot/hash-checksum.h>
#endif
struct checksum_algo {
const char *name;
unsigned char **cipher, int *cipher_len);
int (*add_cipher_data)(struct image_cipher_info *info,
- void *keydest);
+ void *keydest, void *fit, int node_noffset);
int (*decrypt)(struct image_cipher_info *info,
const void *cipher, size_t cipher_len,
*/
int board_fit_config_name_match(const char *name);
-#if defined(CONFIG_SPL_FIT_IMAGE_POST_PROCESS) || \
- defined(CONFIG_FIT_IMAGE_POST_PROCESS)
/**
* board_fit_image_post_process() - Do any post-process on FIT binary data
*
* into the FIT creation (i.e. the binary blobs would have been pre-processed
* before being added to the FIT image).
*
+ * @fit: pointer to fit image
+ * @node: offset of image node
* @image: pointer to the image start pointer
* @size: pointer to the image size
* @return no return value (failure should be handled internally)
*/
-void board_fit_image_post_process(void **p_image, size_t *p_size);
-#endif /* CONFIG_SPL_FIT_IMAGE_POST_PROCESS */
+void board_fit_image_post_process(const void *fit, int node, void **p_image,
+ size_t *p_size);
#define FDT_ERROR ((ulong)(-1))
.handler = _handler, \
}
+/**
+ * fit_update - update storage with FIT image
+ * @fit: Pointer to FIT image
+ *
+ * Update firmware on storage using FIT image as input.
+ * The storage area to be update will be identified by the name
+ * in FIT and matching it to "dfu_alt_info" variable.
+ *
+ * Return: 0 on success, non-zero otherwise
+ */
+int fit_update(const void *fit);
+
#endif /* __IMAGE_H__ */
projects / platform / kernel / u-boot.git / blobdiff