17 Jan, 2020
1 commit
-
This commit add the support of encrypting image with aes
in mkimage. To enable the ciphering, a node cipher with
a reference to a key and IV (Initialization Vector) must
be added to the its file. Then mkimage add the encrypted
image to the FIT and add the key and IV to the u-boot
device tree.Signed-off-by: Philippe Reynes
11 Jan, 2020
1 commit
-
fit_check_params() wants at least two of dflag, fflag, and lflag set.
Simplify the logical constraint checking this.
Signed-off-by: Heinrich Schuchardt
08 Jan, 2020
1 commit
-
This is very similar to fit_image_get_data but has the benefit of working
on FIT images with external data unlike fit_image_get_data. This is
useful for extracting sub-images from type of FIT image as this would
previously just silently fail. Add an error message also so if this
still fails it is easier to find out why.Signed-off-by: Andrew F. Davis
Reviewed-by: Lokesh Vutla
31 Oct, 2019
1 commit
-
When running the following command
mkimage -f auto -A arm -O linux -T kernel -C none -a 0x8000 -e 0x8000 \
-d zImage -b zynq-microzed.dtb -i initramfs.cpio image.ubthe type of fdt subimage is the same as of the main kernel image and
the architecture of the initramfs image is not set. Such an image is
refused by U-Boot when booting. This commits sets the mentioned
attributes, allowing to use the "-f auto" mode in this case instead of
writing full .its file.Following is the diff of mkimage output without and with this commit:
FIT description: Kernel Image image with one or more FDT blobs
Created: Thu Sep 12 23:23:16 2019
Image 0 (kernel-1)
Description:
Created: Thu Sep 12 23:23:16 2019
Type: Kernel Image
Compression: uncompressed
Data Size: 4192744 Bytes = 4094.48 KiB = 4.00 MiB
Architecture: ARM
OS: Linux
Load Address: 0x00008000
Entry Point: 0x00008000
Image 1 (fdt-1)
Description: zynq-microzed
Created: Thu Sep 12 23:23:16 2019
- Type: Kernel Image
+ Type: Flat Device Tree
Compression: uncompressed
Data Size: 9398 Bytes = 9.18 KiB = 0.01 MiB
Architecture: ARM
- OS: Unknown OS
- Load Address: unavailable
- Entry Point: unavailable
Image 2 (ramdisk-1)
Description: unavailable
Created: Thu Sep 12 23:23:16 2019
Type: RAMDisk Image
Compression: Unknown Compression
Data Size: 760672 Bytes = 742.84 KiB = 0.73 MiB
- Architecture: Unknown Architecture
+ Architecture: ARM
OS: Linux
Load Address: unavailable
Entry Point: unavailable
Default Configuration: 'conf-1'
Configuration 0 (conf-1)
Description: zynq-microzed
Kernel: kernel-1
Init Ramdisk: ramdisk-1
FDT: fdt-1
Loadables: kernel-1Signed-off-by: Michal Sojka
19 May, 2019
1 commit
-
Add an option to open files in read-only mode in mmap_fdt so
that fit_check_sign can be used to inspect files on read-only
filesystems.
For example, this is useful when a key is shipped in a read-only
rootfs or squashfs.Signed-off-by: Luca Boccassi
23 Mar, 2019
1 commit
-
When running mkimage with "-f auto", the loadable property
needs to be set in order to allow SPL FIT support to boot.Signed-off-by: Abel Vesa
Tested-by: Fabio Estevam
24 Jul, 2018
1 commit
-
There is no reason not to use macros which are already defined.
It is also much easier for grepping.Signed-off-by: Michal Simek
Reviewed-by: Simon Glass
11 Jul, 2018
2 commits
-
When generating timestamps in signatures, use imagetool_get_source_date()
so we can be overridden by SOURCE_DATE_EPOCH to generate reproducible
images.Signed-off-by: Alex Kiernan
Reviewed-by: Simon Glass -
So we can use imagetool_get_source_date() from callers who do not have
the image tool params struct, just pass in the command name for the error
message.Signed-off-by: Alex Kiernan
Reviewed-by: Simon Glass
07 May, 2018
1 commit
-
When U-Boot started using SPDX tags we were among the early adopters and
there weren't a lot of other examples to borrow from. So we picked the
area of the file that usually had a full license text and replaced it
with an appropriate SPDX-License-Identifier: entry. Since then, the
Linux Kernel has adopted SPDX tags and they place it as the very first
line in a file (except where shebangs are used, then it's second line)
and with slightly different comment styles than us.In part due to community overlap, in part due to better tag visibility
and in part for other minor reasons, switch over to that style.This commit changes all instances where we have a single declared
license in the tag as both the before and after are identical in tag
contents. There's also a few places where I found we did not have a tag
and have introduced one.Signed-off-by: Tom Rini
10 Mar, 2018
1 commit
-
The system call used by mkimage to run dtc redirects stdout to a
temporary file. This can cause problems on Windows (with a MinGW
cross-compiled version). Using the "-o" dtc parameter avoids
this problem.Signed-off-by: Stefan Theil
Reviewed-by: Tom Rini
16 Jan, 2018
1 commit
-
The DT spec demands a unit-address in a node name to match the "reg"
property in that node. Newer dtc versions will throw warnings if this is
not the case.
Correct the generated unit names when U-Boot's mkimage creates a FIT
image.Signed-off-by: Andre Przywara
16 Oct, 2017
1 commit
-
fit_handle_file function does not quote input and output files while preparing
command to run DTC to convert .its to .itb. This results in a failure if input
or output files contain spaces in their names. Quote input and output files in
DTC command to avoid this failure.Signed-off-by: Mirza, Taimoor
07 Oct, 2017
1 commit
-
The recent changes to these files did not completely fix the previous
issues, or introduced different (minor) issues. In cmd/gpt.c we need to
dereference str_disk_guid to be sure that malloc worked. In
cmd/nvedit.c we need to be careful that we can also fit in that leading
space when adding to the string. And in tools/fit_image.c we need to
re-work the error handling slightly in fit_import_data() so that we only
call munmap() once. We have two error paths here, one where we have an
fd to close and one where we do not. Adjust labels to match this.Reported-by: Coverity (CID: 167366, 167367, 167370)
Signed-off-by: Tom Rini
06 Oct, 2017
1 commit
-
Coverity has found some problems with the return paths in parts of this
code. We have a case where we were going to the wrong part of the
unwind (open() failed so we cannot close the fd), a case where we were
only free()ing our buf on the error path and finally a case where we did
not munmap in the failure path.Reported-by: Coverity (CID: 138492, 138495, 143064)
Signed-off-by: Tom Rini
15 Jan, 2017
1 commit
-
Add support for signing with the pkcs11 engine. This allows FIT images
to be signed with keys securely stored on a smartcard, hardware security
module, etc without exposing the keys.Support for other engines can be added in the future by modifying
rsa_engine_get_pub_key() and rsa_engine_get_priv_key() to construct
correct key_id strings.Signed-off-by: George McCollister
06 Nov, 2016
1 commit
-
Adds -i option that allows specifying a ramdisk file to be added to the
FIT image when we are using the automatic FIT mode (no ITS file).This makes adding Depthcharge support to LAVA much more convenient, as
no additional configuration files need to be kept around in the machine
that dispatches jobs to the boards.Signed-off-by: Tomeu Vizoso
Cc: Simon Glass
Cc: Matt Hart
Cc: Neil Williams
Reviewed-by: Simon Glass
15 Jul, 2016
2 commits
-
The error code may provide useful information for debugging. Add it to the
error string.Signed-off-by: Simon Glass
Reviewed-by: Teddy Reed -
The fit_write_images() function incorrectly uses the long name for the
architecture. This cannot be parsed with the FIT is read. Fix this by using
the short name instead.Signed-off-by: Simon Glass
Reviewed-by: Tom Rini
25 Jun, 2016
2 commits
-
Embedding timestamps in FIT images results in unreproducible builds
for targets that generate a fit image, such as dra7xx_evm.This patch uses the SOURCE_DATE_EPOCH environment variable, when set,
to use specified value for the date.Thanks to HW42 for debugging the issue and providing the patch:
https://lists.alioth.debian.org/pipermail/reproducible-builds/Week-of-Mon-20160606/005722.html
For more information about reproducible builds and the
SOURCE_DATE_EPOCH specification:https://reproducible-builds.org/specs/source-date-epoch/
https://reproducible-builds.org/Signed-off-by: Vagrant Cascadian
Reviewed-by: Simon Glass -
When building a FIT with external data (-E), U-Boot proper may require
absolute positioning for executing the external firmware. To acheive this
use the (-p) switch, which will replace the amended 'data-offset' with
'data-position' indicating the absolute position of external data.It is considered an error if the requested absolute position overlaps with the
initial data required for the compact FIT.Signed-off-by: Teddy Reed
03 May, 2016
1 commit
-
There is an extra close() call which is not needed.
Reported-by: Coverity (CID: 143065)
Signed-off-by: Simon Glass
23 Mar, 2016
9 commits
-
The error path for fit_import_data() is incorrect if the second open() call
fails.Reported-by: Coverity (CID: 138489)
Signed-off-by: Simon Glass
Reviewed-by: Tom Rini -
The file that is opened is not closed in all cases. Fix it.
Reported-by: Coverity (CID: 138490)
Signed-off-by: Simon Glass
Reviewed-by: Tom Rini -
Make sure that both the error path and normal return free the buffer and
close the file.Reported-by: Coverity (CID: 138491)
Signed-off-by: Simon Glass
Reviewed-by: Tom Rini -
The 'buf' variable is not freed. Fix it.
Reported-by: Coverity (CID: 138492)
Signed-off-by: Simon Glass
Reviewed-by: Tom Rini -
The 'fdt' variable is not unmapped in all error cases. Fix this.
Reported-by: Coverity (CID: 138493)
Signed-off-by: Simon Glass
Reviewed-by: Tom Rini -
The space allocated to fdt is not freed on error. Fix it.
Reported-by: Coverity (CID: 138494)
Signed-off-by: Simon Glass
Reviewed-by: Tom Rini -
The code flows through to the end of the function, so we don't need another
close() before this. Remove it.Reported-by: Coverity (CID: 138503)
Signed-off-by: Simon Glass
Reviewed-by: Tom Rini -
The code flows through to the end of the function, so we don't need another
close() before this. Remove it.Reported-by: Coverity (CID: 138504)
Signed-off-by: Simon Glass
Reviewed-by: Tom Rini -
The munmap() call unmaps the wrong memory buffer. Fix it.
Reported-by: Coverity (CID: 138505)
Reported-by: Coverity (CID: 138495)
Signed-off-by: Simon Glass
Reviewed-by: Tom Rini
15 Mar, 2016
4 commits
-
Since we now support data outside the FIT image, bring it into the FIT image
first before we do any processing. This avoids adding new functionality to
the core FIT code for now.Signed-off-by: Simon Glass
-
One limitation of FIT is that all the data is 'inline' within it, using a
'data' property in each image node. This means that to find out what is in
the FIT it is necessary to scan the entire file. Once loaded it can be
scanned and then the images can be copied to the correct place in memory.In SPL it can take a significant amount of time to copy images around in
memory. Also loading data that does not end up being used is wasteful. It
would be useful if the FIT were small, acting as a directory, with the
actual data stored elsewhere.This allows SPL to load the entire FIT, without the images, then load the
images it wants later.Add a -E option to mkimage to request that it output an 'external' FIT.
Signed-off-by: Simon Glass
-
To make the auto-FIT feature useful we need to be able to provide a list of
device tree files on the command line for mkimage to add into the FIT. Add
support for this feature.So far there is no support for hashing or verified boot using this method.
For those cases, a .its file must still be provided.Signed-off-by: Simon Glass
-
At present, when generating a FIT, mkimage requires a .its file containing
the structure of the FIT and referring to the images to be included.Creating the .its file is a separate step that makes it harder to use FIT.
This is not required for creating legacy images.Often the FIT is pretty standard, consisting of an OS image, some device
tree files and a single configuration. We can handle this case automatically
and avoid needing a .its file at all.To start with, support automatically generate the FIT using a new '-f auto'
option. Initially this only supports adding a single image (e.g. a linux
kernel) and a single configuration.Signed-off-by: Simon Glass
30 Jan, 2015
2 commits
-
The dumpimage is able to extract components contained in a FIT image:
$ ./dumpimage -T flat_dt -i CONTAINER.ITB -p INDEX FILE
The CONTAINER.ITB is a regular FIT container file. The INDEX is the poisition
of the sub-image to be retrieved, and FILE is the file (path+name) to save the
extracted sub-image.For example, given the following kernel.its to build a kernel.itb:
/dts-v1/;
/ {
...
images {
kernel@1 {
description = "Kernel 2.6.32-34";
data = /incbin/("/boot/vmlinuz-2.6.32-34-generic");
type = "kernel";
arch = "ppc";
os = "linux";
compression = "gzip";
load = ;
entry = ;
hash@1 {
algo = "md5";
};
};
...
};
...
};The dumpimage can extract the 'kernel@1' node through the following command:
$ ./dumpimage -T flat_dt -i kernel.itb -p 0 kernel
Extracted:
Image 0 (kernel@1)
Description: Kernel 2.6.32-34
Created: Wed Oct 22 15:50:26 2014
Type: Kernel Image
Compression: gzip compressed
Data Size: 4040128 Bytes = 3945.44 kB = 3.85 MB
Architecture: PowerPC
OS: Linux
Load Address: 0x00000000
Entry Point: 0x00000000
Hash algo: md5
Hash value: 22352ad39bdc03e2e50f9cc28c1c3652Which results in the file 'kernel' being exactly the same as '/boot/vmlinuz-2.6.32-34-generic'.
Signed-off-by: Guilherme Maciel Ferreira
-
The registration was introduced in commit f86ed6a8d52c99bb2d17d3cac1647edca0c4399c
This commit also removes all registration functions, and the member "next"
from image_type_params structSigned-off-by: Guilherme Maciel Ferreira
12 Jun, 2014
1 commit
-
When adding hashes or signatures, the target FDT may be full. Detect this
and automatically try again after making 1KB of space.Signed-off-by: Simon Glass
22 Mar, 2014
1 commit
-
add fit_info command to the host tools. This command prints
the name, offset and the len from a property from a node in
a fit file. This info can be used to extract a properties
data with linux tools, for example "dd".Signed-off-by: Heiko Schocher
Acked-by: Simon Glass
13 Dec, 2013
1 commit
-
In order to avoid duplicating code and keep only one point of modification,
the functions, structs and defines useful for "dumpimage" were moved from
"mkimage" to a common module called "imagetool".This modification also weakens the coupling between image types (FIT, IMX, MXS,
and so on) and image tools (mkimage and dumpimage). Any tool may initialize the
"imagetool" through register_image_tool() function, while the image types
register themselves within an image tool using the register_image_type()
function:+---------------+
+------| fit_image |
+--------------+ +-----------+ | +---------------+
| mkimage |--------> | | | |
Signed-off-by: Simon Glass