extern ulong image_load_addr; /* Default Load Address */
extern ulong image_save_addr; /* Default Save Address */
extern ulong image_save_size; /* Default Save Size */
+extern ulong image_load_offset; /* Default Load Address Offset */
/* An invalid size, meaning that the image size is not known */
#define IMAGE_SIZE_INVAL (-1UL)
IH_TYPE_IMX8IMAGE, /* Freescale IMX8Boot Image */
IH_TYPE_COPRO, /* Coprocessor Image for remoteproc*/
IH_TYPE_SUNXI_EGON, /* Allwinner eGON Boot Image */
+ IH_TYPE_SUNXI_TOC0, /* Allwinner TOC0 Boot Image */
IH_TYPE_COUNT, /* Number of image types */
};
#define BOOTM_STATE_OS_PREP (0x00000100)
#define BOOTM_STATE_OS_FAKE_GO (0x00000200) /* 'Almost' run the OS */
#define BOOTM_STATE_OS_GO (0x00000400)
+#define BOOTM_STATE_PRE_LOAD 0x00000800
int state;
#if defined(CONFIG_LMB) && !defined(USE_HOSTCC)
int fit_set_timestamp(void *fit, int noffset, time_t timestamp);
+/**
+ * fit_pre_load_data() - add public key to fdt blob
+ *
+ * Adds public key to the node pre load.
+ *
+ * @keydir: Directory containing keys
+ * @keydest: FDT blob to write public key
+ * @fit: Pointer to the FIT format image header
+ *
+ * returns:
+ * 0, on success
+ * < 0, on failure
+ */
+int fit_pre_load_data(const char *keydir, void *keydest, void *fit);
+
int fit_cipher_data(const char *keydir, void *keydest, void *fit,
const char *comment, int require_keys,
const char *engine_id, const char *cmdname);
+#define NODE_MAX_NAME_LEN 80
+
+/**
+ * struct image_summary - Provides information about signing info added
+ *
+ * @sig_offset: Offset of the node in the blob devicetree where the signature
+ * was wriiten
+ * @sig_path: Path to @sig_offset
+ * @keydest_offset: Offset of the node in the keydest devicetree where the
+ * public key was written (-1 if none)
+ * @keydest_path: Path to @keydest_offset
+ */
+struct image_summary {
+ int sig_offset;
+ char sig_path[NODE_MAX_NAME_LEN];
+ int keydest_offset;
+ char keydest_path[NODE_MAX_NAME_LEN];
+};
+
/**
* fit_add_verification_data() - add verification data to FIT image nodes
*
* @keydir: Directory containing keys
- * @kwydest: FDT blob to write public key information to
+ * @kwydest: FDT blob to write public key information to (NULL if none)
* @fit: Pointer to the FIT format image header
* @comment: Comment to add to signature nodes
* @require_keys: Mark all keys as 'required'
* @engine_id: Engine to use for signing
* @cmdname: Command name used when reporting errors
* @algo_name: Algorithm name, or NULL if to be read from FIT
+ * @summary: Returns information about what data was written
*
* Adds hash values for all component images in the FIT blob.
* Hashes are calculated for all component images which have hash subnodes
int fit_add_verification_data(const char *keydir, const char *keyfile,
void *keydest, void *fit, const char *comment,
int require_keys, const char *engine_id,
- const char *cmdname, const char *algo_name);
+ const char *cmdname, const char *algo_name,
+ struct image_summary *summary);
+/**
+ * fit_image_verify_with_data() - Verify an image with given data
+ *
+ * @fit: Pointer to the FIT format image header
+ * @image_offset: Offset in @fit of image to verify
+ * @key_blob: FDT containing public keys
+ * @data: Image data to verify
+ * @size: Size of image data
+ */
int fit_image_verify_with_data(const void *fit, int image_noffset,
- const void *data, size_t size);
+ const void *key_blob, const void *data,
+ size_t size);
+
int fit_image_verify(const void *fit, int noffset);
int fit_config_verify(const void *fit, int conf_noffset);
int fit_all_image_verify(const void *fit);
*
* @info: Specifies key and FIT information
* @keydest: Destination FDT blob for public key data
- * @return: 0, on success, -ve on error
+ * @return: node offset within the FDT blob where the data was written,
+ * or -ve on error
*/
int (*add_verify_data)(struct image_sign_info *info, void *keydest);
struct padding_algo {
const char *name;
int (*verify)(struct image_sign_info *info,
- uint8_t *pad, int pad_len,
+ const uint8_t *pad, int pad_len,
const uint8_t *hash, int hash_len);
};
struct padding_algo *image_get_padding_algo(const char *name);
/**
+ * image_pre_load() - Manage pre load header
+ *
+ * Manage the pre-load header before launching the image.
+ * It checks the signature of the image. It also set the
+ * variable image_load_offset to skip this header before
+ * launching the image.
+ *
+ * @param addr Address of the image
+ * @return: 0 on success, -ve on error
+ */
+int image_pre_load(ulong addr);
+
+/**
* fit_image_verify_required_sigs() - Verify signatures marked as 'required'
*
* @fit: FIT to check
* @image_noffset: Offset of image node to check
* @data: Image data to check
* @size: Size of image data
- * @sig_blob: FDT containing public keys
+ * @key_blob: FDT containing public keys
* @no_sigsp: Returns 1 if no signatures were required, and
* therefore nothing was checked. The caller may wish
* to fall back to other mechanisms, or refuse to
* Return: 0 if all verified ok, <0 on error
*/
int fit_image_verify_required_sigs(const void *fit, int image_noffset,
- const char *data, size_t size, const void *sig_blob,
+ const char *data, size_t size, const void *key_blob,
int *no_sigsp);
/**
* @noffset: Offset of signature node to check
* @data: Image data to check
* @size: Size of image data
- * @required_keynode: Offset in the control FDT of the required key node,
+ * @keyblob: Key blob to check (typically the control FDT)
+ * @required_keynode: Offset in the keyblob of the required key node,
* if any. If this is given, then the image wil not
* pass verification unless that key is used. If this is
* -1 then any signature will do.
* Return: 0 if all verified ok, <0 on error
*/
int fit_image_check_sig(const void *fit, int noffset, const void *data,
- size_t size, int required_keynode, char **err_msgp);
+ size_t size, const void *key_blob, int required_keynode,
+ char **err_msgp);
int fit_image_decrypt_data(const void *fit,
int image_noffset, int cipher_noffset,