03 Dec, 2018
1 commit
-
The rsa signature use a padding algorithm. By default, we use the
padding pkcs-1.5. In order to add some new padding algorithm, we
add a padding framework to manage several padding algorithm.
The choice of the padding is done in the file .its.Signed-off-by: Philippe Reynes
Reviewed-by: Simon Glass
11 Jul, 2018
1 commit
-
Rather than verifying configuration signature of the configuration node
containing the kernel image types, verify all configuration nodes, even
those that do not contain kernel images. This is useful when the nodes
contain ie. standalone OSes or U-Boot.Signed-off-by: Marek Vasut
Cc: Tom Rini
Cc: Pantelis Antoniou
Cc: Simon Glass
Reviewed-by: Simon Glass
27 May, 2018
1 commit
-
Add FIT data-position & data-offset property support for bootm,
which were already supported in SPL.Signed-off-by: Kelvin Cheung
24 May, 2018
4 commits
-
Just add IH_TYPE_STANDALONE to fit_get_image_type_property().
Signed-off-by: Marek Vasut
Cc: Pantelis Antoniou
Cc: Simon Glass
Reviewed-by: Simon Glass -
These functions may be needed in SPL, so add empty variants of them
if CONFIG_SPL_FIT_PRINT is disabled.Signed-off-by: Marek Vasut
Cc: Pantelis Antoniou
Cc: Simon Glass
Reviewed-by: Simon Glass -
Rename CONFIG_FIT_SPL_PRINT to CONFIG_SPL_FIT_PRINT and add Kconfig
entry for it.Signed-off-by: Marek Vasut
Cc: Pantelis Antoniou
Cc: Simon Glass
Reviewed-by: Simon Glass -
We only call fit_conf_print from one place in the code, so mark it as
static and move it up to where we call it. This in turn has us move a
few other already static functions up further as well.Signed-off-by: Tom Rini
09 May, 2018
1 commit
-
The signature/hash information are displayed for images but nor for
configurations.Add subnodes printing in fit_conf_print() like it's done in fit_image_print()
Signed-off-by: Clément Péron
[trini: Add guards around fit_conf_print to avoid warnings]
Signed-off-by: Tom Rini
07 May, 2018
1 commit
-
When U-Boot started using SPDX tags we were among the early adopters and
there weren't a lot of other examples to borrow from. So we picked the
area of the file that usually had a full license text and replaced it
with an appropriate SPDX-License-Identifier: entry. Since then, the
Linux Kernel has adopted SPDX tags and they place it as the very first
line in a file (except where shebangs are used, then it's second line)
and with slightly different comment styles than us.In part due to community overlap, in part due to better tag visibility
and in part for other minor reasons, switch over to that style.This commit changes all instances where we have a single declared
license in the tag as both the before and after are identical in tag
contents. There's also a few places where I found we did not have a tag
and have introduced one.Signed-off-by: Tom Rini
07 Apr, 2018
2 commits
-
SPL ATF implementation requires FIT image with partitions where the one
is Firmware/ATF and another one Firmware/U-Boot. OS field is used for
recording that difference that's why make sense to show values there for
Firmware types.For example:
Image 0 (atf)
Description: ATF bl31.bin
Created: Mon Mar 26 15:58:14 2018
Type: Firmware
Compression: uncompressed
Data Size: 51152 Bytes = 49.95 KiB = 0.05 MiB
Architecture: ARM
OS: ARM Trusted Firmware
Load Address: 0xfffe0000
Hash algo: md5
Hash value: 36a4212bbb698126bf5a248f0f4b5336
Image 1 (uboot)
Description: u-boot.bin
Created: Mon Mar 26 15:58:14 2018
Type: Firmware
Compression: uncompressed
Data Size: 761216 Bytes = 743.38 KiB = 0.73 MiB
Architecture: ARM
OS: U-Boot
Load Address: 0x08000000
Hash algo: md5
Hash value: f22960fe429be72296dc8dc59a47d566Signed-off-by: Michal Simek
Reviewed-by: Simon Glass
Reviewed-by: Jun Nie -
SPL ATF support requires to have firmware property which should be also
listed by mkimage -l when images is created.The patch is also using this macro in spl_fit to match keyword.
When image is created:
Default Configuration: 'config'
Configuration 0 (config)
Description: ATF with full u-boot
Kernel: unavailable
Firmware: atf
FDT: dtbSigned-off-by: Michal Simek
Reviewed-by: Simon Glass
Reviewed-by: Jun Nie
Reviewed-by: Philipp Tomsich
19 Mar, 2018
1 commit
-
U-boot proper signature is not verified by SPL on most platforms
even config SPL_FIT_SIGNATURE is enabled. Only fsl-layerscape
platform support secure boot in platform specific code. So
verified boot cannot be achieved if u-boot proper is loaded by
SPL.This patch add signature verification to u-boot proper images
when loading FIT image in SPL. It is tested on Allwinner bananapi
zero board with H2+ SoC.Signed-off-by: Jun Nie
16 Jan, 2018
1 commit
-
The DT spec demands a unit-address in a node name to match the "reg"
property in that node. Newer dtc versions will throw warnings if this is
not the case.
Fix all occurences in the tree where node names were mentioned in
comments, to not give bad examples to the reader.Signed-off-by: Andre Przywara
13 Dec, 2017
1 commit
-
For external data, FIT has a optional property "data-position" which
can set the external data to a fixed offset to FIT beginning.
Add the support for this property in SPL FIT.Signed-off-by: Ye Li
Signed-off-by: Peng Fan
Reviewed-by: Simon Glass
Reviewed-by: Tomas Melin
Cc: Pantelis Antoniou
Cc: "Andrew F. Davis"
Cc: Igor Grinberg
Cc: "tomas.melin@vaisala.com"
Cc: Kever Yang
Cc: Andre Przywara
Cc: York Sun
Cc: Lokesh Vutla
Cc: "Cooper Jr., Franklin"
Cc: George McCollister
Cc: Tuomas Tynkkynen
Cc: Jean-Jacques Hiblot
Cc: Rick Altherr
Cc: Tom Rini
Reviewed-by: Lokesh Vutla
Reviewed-by: York Sun
15 Sep, 2017
3 commits
-
Introduce an overlay based method for constructing a base DT blob
to pass to the kernel.It is based on a specific method now to get the FDT from a FIT image
named boot_get_fdt_fit().Signed-off-by: Pantelis Antoniou
Acked-by: Simon Glass -
fit_image_load() threw away the extra configuration parts when
loading. We need them around for applying extra overlays for
building the boot fdt.Signed-off-by: Pantelis Antoniou
Acked-by: Simon Glass -
As part of the fdt overlay support which need it, allow
a list of configurations per property.Signed-off-by: Pantelis Antoniou
Acked-by: Simon Glass
14 Jan, 2017
1 commit
-
Enable support for loading a splash image from within a FIT image.
The image is assumed to be generated with mkimage -E flag to hold
the data external to the FIT.Signed-off-by: Tomas Melin
Acked-by: Igor Grinberg
05 Dec, 2016
1 commit
-
After an image is selected out of a FIT blob for further processing we
run an optional, platform specific, post-processing function on this
component. This post-processing may modify the position and size of the
image, so after post-processing we update the location and size for this
image in the FIT header. This can cause problems as the position of
subsequent components in the FIT blob are only referenced by relative
position to the end of the last component. When we resize or move a
component the following components position will be calculated
incorrectly. To fix this, we do not update the FIT header but instead
only update our local understanding of the image data. This also allows
us to re-run post-processing steps if needed.Signed-off-by: Andrew F. Davis
Tested-by: Carlos Hernandez
Reviewed-by: Simon Glass
Reviewed-by: Lokesh Vutla
24 Nov, 2016
1 commit
-
Commit ec6617c3 includes autoconf.h in image-fit.c, causing conflict
for board odroid-xu3 which overwrites CONFIG_SYS_BOARD in header
file. Move the include higher and use linux/kconfig.h instead of
generated/autoconf.h.Signed-off-by: York Sun
CC: Alison Wang
23 Nov, 2016
1 commit
-
To support loading a 32-bit OS, the execution state will change from
AArch64 to AArch32 when jumping to kernel.The architecture information will be got through checking FIT image,
then U-Boot will load 32-bit OS or 64-bit OS automatically.Signed-off-by: Ebony Zhu
Signed-off-by: Alison Wang
Signed-off-by: Chenhui Zhao
Reviewed-by: York Sun
14 Oct, 2016
2 commits
-
The signature for this macro has changed. Bring in the upstream version and
adjust U-Boot's usages to suit.Signed-off-by: Simon Glass
Update to drivers/power/pmic/palmas.c:
Signed-off-by: KeerthyChange-Id: I6cc9021339bfe686f9df21d61a1095ca2b3776e8
-
These have now landed upstream. The naming is different and in one case the
function signature has changed. Update the code to match.This applies the following upstream commits by
Thierry Reding :604e61e fdt: Add functions to retrieve strings
8702bd1 fdt: Add a function to get the index of a string
2218387 fdt: Add a function to count stringsSigned-off-by: Simon Glass
22 Sep, 2016
1 commit
-
Commit bac17b78dace ("image-fit: switch ENOLINK to ENOENT") changed
fit_get_node_from_config to return -ENOENT when a property doesn't
exist, but didn't change any of its callers which check return values.
Notably it didn't change boot_get_ramdisk, which leads to U-Boot failing
to boot FIT images which don't include ramdisks with the following
message:Ramdisk image is corrupt or invalid
It also didn't take into account that by returning -ENOENT to denote the
lack of a property we lost the ability to determine from the return
value of fit_get_node_from_config whether it was the property or the
configuration node that was missing, which may potentially lead callers
to accept invalid FIT images.Fix this by having fit_get_node_from_config return -EINVAL when the
configuration node isn't found and -ENOENT when the property isn't
found, which seems to make semantic sense. Callers that previously
checked for -ENOLINK are adjusted to check for -ENOENT, which fixes the
breakage introduced by commit bac17b78dace ("image-fit: switch ENOLINK
to ENOENT").The only other user of the return fit_get_node_from_config return value,
indirectly, is bootm_find_os which already checked for -ENOENT. From a
read-through of the code I suspect it ought to have been checking for
-ENOLINK prior to bac17b78dace ("image-fit: switch ENOLINK to ENOENT")
anyway, which would make it right after this patch, but this would be
good to get verified by someone who knows this x86 code or is able to
test it.Signed-off-by: Paul Burton
Cc: Jonathan Gray
Cc: Marek Vasut
Acked-by: Marek Vasut
Acked-by: Stefan Roese
Acked-by: George McCollister
Tested-by: George McCollister
07 Sep, 2016
2 commits
-
ENOLINK is not required by POSIX and does not exist on OpenBSD
and likely other systems.Signed-off-by: Jonathan Gray
-
Commit 62afc601883e788f3f22291202d5b2a23c1a8b06 introduced fpga image load via
bootm but broke the OS check in fit_image_load().This commit removes following compiler warning:
---88---
Signed-off-by: Andreas Bießmann
Cc: Michal Simek
Acked-by: Michal Simek
12 Aug, 2016
1 commit
-
This commit allows injecting a board/platform/device-specific post-
processing function into the FIT image data loading process, which can
include modifying the size and altering the starting source address of
an image data artifact. This might be desired to do things like strip
headers or footers attached to the images before they were packaged into
the FIT, or to perform operations such as decryption or authentication.
Introduce new configuration option CONFIG_FIT_IMAGE_POST_PROCESS to
allow controlling this feature. If enabled, a platform-specific post-
process function must be provided.Signed-off-by: Andreas Dannenberg
Reviewed-by: Tom Rini
Reviewed-by: Simon Glass
26 Jul, 2016
1 commit
-
In certain circumstances it comes in handy to be able to boot into a second
U-Boot. But as of now it is not possible to boot a U-Boot binary that is inside
a FIT image, which is problematic for projects that e.g. need to guarantee a
unbroken chain of trust from SOC all the way into the OS, since the FIT signing
mechanism cannot be used.This patch adds the capability to load such FIT images.
An example .its snippet (utilizing signature verification) might look
like the following:images {
firmware@1 {
description = "2nd stage U-Boot image";
data = /incbin/("u-boot-dtb.img.gz");
type = "firmware";
arch = "arm";
os = "u-boot";
compression = "gzip";
load = ;
entry = ;
signature@1 {
algo = "sha256,rsa4096";
key-name-hint = "key";
};
};
};Signed-off-by: Mario Six
Reviewed-by: Tom Rini
17 Jun, 2016
1 commit
-
The comments in the source file are riddled with spelling mistakes. Be
a good citizen and take a stab at cleaning up some of the more obvious
ones.Signed-off-by: Andreas Dannenberg
Reviewed-by: Simon Glass
24 May, 2016
2 commits
-
Add function boot_get_fpga() which find and load bitstream to
programmable logic if fpga entry is present.
Function is supported on Xilinx devices for full and partial bitstreams
in BIN and BIT format.Signed-off-by: Michal Simek
Remove additional blankline in image.h -
Add FIT_FPGA_PROP that user can identify an optional
entry for fpga.Signed-off-by: Michal Simek
Reviewed-by: Simon Glass
23 May, 2016
1 commit
-
This function returns an error code and its caller may be able to fix the
error. For example fit_handle_file() expands the device tree to fit if there
is a lack of space.In this case the caller does not want an error displayed. It is confusing,
since it suggests that something is wrong, when it fact everything is fine.
Drop the error.Signed-off-by: Simon Glass
15 Mar, 2016
3 commits
-
FIT image supports more than 32 bits in addresses by using #address-cell
field. Fixing 64-bit support by using this field.Signed-off-by: York Sun
Reviewed-by: Simon Glass -
FIT image supports load address and entry address. Getting these
addresses can use a common function.Signed-off-by: York Sun
Reviewed-by: Simon Glass -
There are already two FIT options in Kconfig but the CONFIG options are
still in the header files. We need to do a proper move to fix this.Move these options to Kconfig and tidy up board configuration:
CONFIG_FIT
CONFIG_OF_BOARD_SETUP
CONFIG_OF_SYSTEM_SETUP
CONFIG_FIT_SIGNATURE
CONFIG_FIT_BEST_MATCH
CONFIG_FIT_VERBOSE
CONFIG_OF_STDOUT_VIA_ALIAS
CONFIG_RSAUnfortunately the first one is a little complicated. We need to make sure
this option is not enabled in SPL by this change. Also this option is
enabled automatically in the host builds by defining CONFIG_FIT in the
image.h file. To solve this, add a new IMAGE_USE_FIT #define which can
be used in files that are built on the host but must also build for U-Boot
and SPL.Note: Masahiro's moveconfig.py script is amazing.
Signed-off-by: Simon Glass
[trini: Add microblaze change, various configs/ re-applies]
Signed-off-by: Tom Rini
26 Feb, 2016
2 commits
-
This reverts commit 84ca65aa4bd0d03867e9e49805201d0564d3ffb0.
On signature verification failures fit_image_verify() should NOT exit with
error. Only keys marked 'required' can cause image verification failure.
This logic is already there and works correctly.Add a comment to make this clear.
Fixes: 84ca65aa (image-fit: Fix signature checking)
Signed-off-by: Simon Glass -
A recent change broke the 'bootm' command on sandbox. The root cause is
using a pointer as an address. Conversion from pointer to address needs to
use map_to_sysmem() so that sandbox can do the right thing. The problem was
pre-existing but uncovered by a recent commit.Fix this. Also move fit_get_end() to the C file to avoid needing to include
mapmem.h (and thus asm/io.h) everywhere.Fixes: 1fec3c5d (common/image.c: Make boot_get_ramdisk() perform a check for Android images)
Signed-off-by: Simon Glass
20 Oct, 2015
1 commit
-
On signature verification failures fit_image_verify() should
exit with error.Signed-off-by: Andrej Rosano
06 Jun, 2015
1 commit
-
This fixes the following compiler warning:
In file included from tools/common/image-fit.c:1:0:
./tools/../common/image-fit.c: In function ‘fit_conf_print’:
./tools/../common/image-fit.c:1470:27: warning: logical not is only applied
to the left hand side of comparison [-Wlogical-not-parentheses]
(const char **)&uname) > 0;Signed-off-by: Hans de Goede
28 May, 2015
1 commit
-
Added a trimmed down instance of boot_get_() to satisfy the
minimum requierments of the added feature. The function follows the
normal patterns set by other boot_get's, which should make it a
bit easier to combine them all together into one boot_get_image()
function in a later refactor.Documentation for the new function can be found in source:
include/image.hSigned-off-by: Karl Apsite
Reviewed-by: Simon Glass