* (C) Copyright 2000-2005
* Wolfgang Denk, DENX Software Engineering, wd@denx.de.
*
- * See file CREDITS for list of people who contributed to this
- * project.
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation; either version 2 of
- * the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston,
- * MA 02111-1307 USA
- *
+ * SPDX-License-Identifier: GPL-2.0+
********************************************************************
* NOTE: This header file defines an interface to U-Boot. Including
* this (unmodified) header file in another file is considered normal
struct lmb;
#ifdef USE_HOSTCC
+#include <sys/types.h>
/* new uImage format support enabled on host */
#define CONFIG_FIT 1
#endif /* USE_HOSTCC */
#if defined(CONFIG_FIT)
+#include <hash.h>
#include <libfdt.h>
#include <fdt_support.h>
# ifdef CONFIG_SPL_BUILD
# ifdef CONFIG_SPL_SHA1_SUPPORT
# define IMAGE_ENABLE_SHA1 1
# endif
+# ifdef CONFIG_SPL_SHA256_SUPPORT
+# define IMAGE_ENABLE_SHA256 1
+# endif
# else
# define CONFIG_CRC32 /* FIT images need CRC32 support */
# define CONFIG_MD5 /* and MD5 */
# define CONFIG_SHA1 /* and SHA1 */
+# define CONFIG_SHA256 /* and SHA256 */
# define IMAGE_ENABLE_CRC32 1
# define IMAGE_ENABLE_MD5 1
# define IMAGE_ENABLE_SHA1 1
+# define IMAGE_ENABLE_SHA256 1
# endif
+#ifdef CONFIG_FIT_DISABLE_SHA256
+#undef CONFIG_SHA256
+#undef IMAGE_ENABLE_SHA256
+#endif
+
#ifndef IMAGE_ENABLE_CRC32
#define IMAGE_ENABLE_CRC32 0
#endif
#define IMAGE_ENABLE_SHA1 0
#endif
+#ifndef IMAGE_ENABLE_SHA256
+#define IMAGE_ENABLE_SHA256 0
+#endif
+
#endif /* CONFIG_FIT */
#ifdef CONFIG_SYS_BOOT_RAMDISK_HIGH
#endif
#ifdef CONFIG_OF_BOARD_SETUP
-# define IMAAGE_OF_BOARD_SETUP 1
+# define IMAGE_OF_BOARD_SETUP 1
+#else
+# define IMAGE_OF_BOARD_SETUP 0
+#endif
+
+#ifdef CONFIG_OF_SYSTEM_SETUP
+# define IMAGE_OF_SYSTEM_SETUP 1
#else
-# define IMAAGE_OF_BOARD_SETUP 0
+# define IMAGE_OF_SYSTEM_SETUP 0
#endif
/*
#define IH_OS_INTEGRITY 21 /* INTEGRITY */
#define IH_OS_OSE 22 /* OSE */
#define IH_OS_PLAN9 23 /* Plan 9 */
+#define IH_OS_OPENRTOS 24 /* OpenRTOS */
/*
* CPU Architecture Codes (supported by Linux)
#define IH_ARCH_SANDBOX 19 /* Sandbox architecture (test only) */
#define IH_ARCH_NDS32 20 /* ANDES Technology - NDS32 */
#define IH_ARCH_OPENRISC 21 /* OpenRISC 1000 */
+#define IH_ARCH_ARM64 22 /* ARM64 */
+#define IH_ARCH_ARC 23 /* Synopsys DesignWare ARC */
+#define IH_ARCH_X86_64 24 /* AMD x86_64, Intel and Via */
/*
* Image Types
#define IH_TYPE_AISIMAGE 13 /* TI Davinci AIS Image */
#define IH_TYPE_KERNEL_NOLOAD 14 /* OS Kernel Image, can run from any load address */
#define IH_TYPE_PBLIMAGE 15 /* Freescale PBL Boot Image */
+#define IH_TYPE_MXSIMAGE 16 /* Freescale MXSBoot Image */
+#define IH_TYPE_GPIMAGE 17 /* TI Keystone GPHeader Image */
+#define IH_TYPE_ATMELIMAGE 18 /* ATMEL ROM bootable Image */
+#define IH_TYPE_SOCFPGAIMAGE 19 /* Altera SOCFPGA Preloader */
+#define IH_TYPE_X86_SETUP 20 /* x86 setup.bin Image */
+#define IH_TYPE_LPC32XXIMAGE 21 /* x86 setup.bin Image */
+#define IH_TYPE_LOADABLE 22 /* A list of typeless images */
+
+#define IH_TYPE_COUNT 23 /* Number of image types */
/*
* Compression Types
ulong image_start, image_len; /* start of image within blob, len of image */
ulong load; /* load addr for the image */
uint8_t comp, type, os; /* compression, type of image, os type */
+ uint8_t arch; /* CPU architecture */
} image_info_t;
/*
void *fit_hdr_fdt; /* FDT blob FIT image header */
const char *fit_uname_fdt; /* FDT blob subimage node unit name */
int fit_noffset_fdt;/* FDT blob subimage node offset */
+
+ void *fit_hdr_setup; /* x86 setup FIT image header */
+ const char *fit_uname_setup; /* x86 setup subimage node name */
+ int fit_noffset_setup;/* x86 setup subimage node offset */
#endif
#ifndef USE_HOSTCC
int verify; /* getenv("verify")[0] != 'n' */
#define BOOTM_STATE_START (0x00000001)
-#define BOOTM_STATE_LOADOS (0x00000002)
-#define BOOTM_STATE_RAMDISK (0x00000004)
-#define BOOTM_STATE_FDT (0x00000008)
-#define BOOTM_STATE_OS_CMDLINE (0x00000010)
-#define BOOTM_STATE_OS_BD_T (0x00000020)
-#define BOOTM_STATE_OS_PREP (0x00000040)
-#define BOOTM_STATE_OS_GO (0x00000080)
+#define BOOTM_STATE_FINDOS (0x00000002)
+#define BOOTM_STATE_FINDOTHER (0x00000004)
+#define BOOTM_STATE_LOADOS (0x00000008)
+#define BOOTM_STATE_RAMDISK (0x00000010)
+#define BOOTM_STATE_FDT (0x00000020)
+#define BOOTM_STATE_OS_CMDLINE (0x00000040)
+#define BOOTM_STATE_OS_BD_T (0x00000080)
+#define BOOTM_STATE_OS_PREP (0x00000100)
+#define BOOTM_STATE_OS_FAKE_GO (0x00000200) /* 'Almost' run the OS */
+#define BOOTM_STATE_OS_GO (0x00000400)
int state;
#ifdef CONFIG_LMB
const char *genimg_get_os_name(uint8_t os);
const char *genimg_get_arch_name(uint8_t arch);
const char *genimg_get_type_name(uint8_t type);
+
+/**
+ * genimg_get_type_short_name() - get the short name for an image type
+ *
+ * @param type Image type (IH_TYPE_...)
+ * @return image short name, or "unknown" if unknown
+ */
+const char *genimg_get_type_short_name(uint8_t type);
+
const char *genimg_get_comp_name(uint8_t comp);
int genimg_get_os_id(const char *name);
int genimg_get_arch_id(const char *name);
enum fit_load_op {
FIT_LOAD_IGNORED, /* Ignore load address */
FIT_LOAD_OPTIONAL, /* Can be provided, but optional */
+ FIT_LOAD_OPTIONAL_NON_ZERO, /* Optional, a value of 0 is ignored */
FIT_LOAD_REQUIRED, /* Must be provided */
};
+int boot_get_setup(bootm_headers_t *images, uint8_t arch, ulong *setup_start,
+ ulong *setup_len);
+
#ifndef USE_HOSTCC
/* Image format types, returned by _get_format() routine */
#define IMAGE_FORMAT_INVALID 0x00
+#if defined(CONFIG_IMAGE_FORMAT_LEGACY)
#define IMAGE_FORMAT_LEGACY 0x01 /* legacy image_header based format */
+#endif
#define IMAGE_FORMAT_FIT 0x02 /* new, libfdt based format */
+#define IMAGE_FORMAT_ANDROID 0x03 /* Android boot image */
+ulong genimg_get_kernel_addr_fit(char * const img_addr,
+ const char **fit_uname_config,
+ const char **fit_uname_kernel);
+ulong genimg_get_kernel_addr(char * const img_addr);
int genimg_get_format(const void *img_addr);
int genimg_has_config(bootm_headers_t *images);
ulong genimg_get_image(ulong img_addr);
int boot_get_ramdisk(int argc, char * const argv[], bootm_headers_t *images,
uint8_t arch, ulong *rd_start, ulong *rd_end);
+/**
+ * boot_get_loadable - routine to load a list of binaries to memory
+ * @argc: Ignored Argument
+ * @argv: Ignored Argument
+ * @images: pointer to the bootm images structure
+ * @arch: expected architecture for the image
+ * @ld_start: Ignored Argument
+ * @ld_len: Ignored Argument
+ *
+ * boot_get_loadable() will take the given FIT configuration, and look
+ * for a field named "loadables". Loadables, is a list of elements in
+ * the FIT given as strings. exe:
+ * loadables = "linux_kernel@1", "fdt@2";
+ * this function will attempt to parse each string, and load the
+ * corresponding element from the FIT into memory. Once placed,
+ * no aditional actions are taken.
+ *
+ * @return:
+ * 0, if only valid images or no images are found
+ * error code, if an error occurs during fit_image_load
+ */
+int boot_get_loadable(int argc, char * const argv[], bootm_headers_t *images,
+ uint8_t arch, const ulong *ld_start, ulong * const ld_len);
+#endif /* !USE_HOSTCC */
+
+int boot_get_setup_fit(bootm_headers_t *images, uint8_t arch,
+ ulong *setup_start, ulong *setup_len);
+
/**
* fit_image_load() - load an image from a FIT
*
* out progress messages, checking the type/arch/os and optionally copying it
* to the right load address.
*
+ * The property to look up is defined by image_type.
+ *
* @param images Boot images structure
- * @param prop_name Property name to look up (FIT_..._PROP)
* @param addr Address of FIT in memory
* @param fit_unamep On entry this is the requested image name
* (e.g. "kernel@1") or NULL to use the default. On exit
* points to the selected image name
- * @param fit_uname_config Requested configuration name, or NULL for the
- * default
+ * @param fit_uname_configp On entry this is the requested configuration
+ * name (e.g. "conf@1") or NULL to use the default. On
+ * exit points to the selected configuration name.
* @param arch Expected architecture (IH_ARCH_...)
* @param image_type Required image type (IH_TYPE_...). If this is
* IH_TYPE_KERNEL then we allow IH_TYPE_KERNEL_NOLOAD
* @param load_op Decribes what to do with the load address
* @param datap Returns address of loaded image
* @param lenp Returns length of loaded image
+ * @return node offset of image, or -ve error code on error
*/
-int fit_image_load(bootm_headers_t *images, const char *prop_name, ulong addr,
- const char **fit_unamep, const char *fit_uname_config,
+int fit_image_load(bootm_headers_t *images, ulong addr,
+ const char **fit_unamep, const char **fit_uname_configp,
int arch, int image_type, int bootstage_id,
enum fit_load_op load_op, ulong *datap, ulong *lenp);
+#ifndef USE_HOSTCC
/**
* fit_get_node_from_config() - Look up an image a FIT by type
*
int fit_get_node_from_config(bootm_headers_t *images, const char *prop_name,
ulong addr);
-int boot_get_fdt(int flag, int argc, char * const argv[],
- bootm_headers_t *images, char **of_flat_tree, ulong *of_size);
+int boot_get_fdt(int flag, int argc, char * const argv[], uint8_t arch,
+ bootm_headers_t *images,
+ char **of_flat_tree, ulong *of_size);
void boot_fdt_add_mem_rsv_regions(struct lmb *lmb, void *fdt_blob);
int boot_relocate_fdt(struct lmb *lmb, char **of_flat_tree, ulong *of_size);
ulong getenv_bootm_low(void);
phys_size_t getenv_bootm_size(void);
phys_size_t getenv_bootm_mapsize(void);
-void memmove_wd(void *to, void *from, size_t len, ulong chunksz);
#endif
+void memmove_wd(void *to, void *from, size_t len, ulong chunksz);
static inline int image_check_magic(const image_header_t *hdr)
{
*/
int image_setup_linux(bootm_headers_t *images);
+/**
+ * bootz_setup() - Extract stat and size of a Linux xImage
+ *
+ * @image: Address of image
+ * @start: Returns start address of image
+ * @end : Returns end address of image
+ * @return 0 if OK, 1 if the image was not recognised
+ */
+int bootz_setup(ulong image, ulong *start, ulong *end);
+
+
/*******************************************************************/
/* New uImage format specific code (prefixed with fit_) */
/*******************************************************************/
#define FIT_IMAGES_PATH "/images"
#define FIT_CONFS_PATH "/configurations"
-/* hash node */
+/* hash/signature node */
#define FIT_HASH_NODENAME "hash"
#define FIT_ALGO_PROP "algo"
#define FIT_VALUE_PROP "value"
#define FIT_IGNORE_PROP "uboot-ignore"
+#define FIT_SIG_NODENAME "signature"
/* image node */
#define FIT_DATA_PROP "data"
#define FIT_KERNEL_PROP "kernel"
#define FIT_RAMDISK_PROP "ramdisk"
#define FIT_FDT_PROP "fdt"
+#define FIT_LOADABLE_PROP "loadables"
#define FIT_DEFAULT_PROP "default"
+#define FIT_SETUP_PROP "setup"
-#define FIT_MAX_HASH_LEN 20 /* max(crc32_len(4), sha1_len(20)) */
+#define FIT_MAX_HASH_LEN HASH_MAX_DIGEST_SIZE
/* cmdline argument format parsing */
int fit_parse_conf(const char *spec, ulong addr_curr,
int fit_parse_subimage(const char *spec, ulong addr_curr,
ulong *addr, const char **image_name);
+int fit_get_subimage_count(const void *fit, int images_noffset);
void fit_print_contents(const void *fit);
void fit_image_print(const void *fit, int noffset, const char *p);
int fit_set_timestamp(void *fit, int noffset, time_t timestamp);
/**
- * fit_add_verification_data() - Calculate and add hashes to FIT
+ * fit_add_verification_data() - add verification data to FIT image nodes
+ *
+ * @keydir: Directory containing keys
+ * @kwydest: FDT blob to write public key information to
+ * @fit: Pointer to the FIT format image header
+ * @comment: Comment to add to signature nodes
+ * @require_keys: Mark all keys as 'required'
*
- * @fit: Fit image to process
- * @return 0 if ok, <0 for error
+ * Adds hash values for all component images in the FIT blob.
+ * Hashes are calculated for all component images which have hash subnodes
+ * with algorithm property set to one of the supported hash algorithms.
+ *
+ * Also add signatures if signature nodes are present.
+ *
+ * returns
+ * 0, on success
+ * libfdt error code, on failure
*/
-int fit_add_verification_data(void *fit);
+int fit_add_verification_data(const char *keydir, void *keydest, void *fit,
+ const char *comment, int require_keys);
int fit_image_verify(const void *fit, int noffset);
int fit_config_verify(const void *fit, int conf_noffset);
int fit_conf_find_compat(const void *fit, const void *fdt);
int fit_conf_get_node(const void *fit, const char *conf_uname);
-int fit_conf_get_kernel_node(const void *fit, int noffset);
-int fit_conf_get_ramdisk_node(const void *fit, int noffset);
-int fit_conf_get_fdt_node(const void *fit, int noffset);
/**
* fit_conf_get_prop_node() - Get node refered to by a configuration
uint8_t *value, int *value_len);
/*
- * At present we only support verification on the device
+ * At present we only support signing on the host, and verification on the
+ * device
*/
#if defined(CONFIG_FIT_SIGNATURE)
# ifdef USE_HOSTCC
-# define IMAGE_ENABLE_VERIFY 0
+# define IMAGE_ENABLE_SIGN 1
+# define IMAGE_ENABLE_VERIFY 1
+# include <openssl/evp.h>
#else
+# define IMAGE_ENABLE_SIGN 0
# define IMAGE_ENABLE_VERIFY 1
# endif
#else
+# define IMAGE_ENABLE_SIGN 0
# define IMAGE_ENABLE_VERIFY 0
#endif
#ifdef USE_HOSTCC
-# define gd_fdt_blob() NULL
+void *image_get_host_blob(void);
+void image_set_host_blob(void *host_blob);
+# define gd_fdt_blob() image_get_host_blob()
#else
# define gd_fdt_blob() (gd->fdt_blob)
#endif
#define IMAGE_ENABLE_BEST_MATCH 0
#endif
+/* Information passed to the signing routines */
+struct image_sign_info {
+ const char *keydir; /* Directory conaining keys */
+ const char *keyname; /* Name of key to use */
+ void *fit; /* Pointer to FIT blob */
+ int node_offset; /* Offset of signature node */
+ struct image_sig_algo *algo; /* Algorithm information */
+ const void *fdt_blob; /* FDT containing public keys */
+ int required_keynode; /* Node offset of key to use: -1=any */
+ const char *require_keys; /* Value for 'required' property */
+};
+
+/* A part of an image, used for hashing */
+struct image_region {
+ const void *data;
+ int size;
+};
+
+#if IMAGE_ENABLE_VERIFY
+# include <u-boot/rsa-checksum.h>
+#endif
+struct checksum_algo {
+ const char *name;
+ const int checksum_len;
+ const int pad_len;
+#if IMAGE_ENABLE_SIGN
+ const EVP_MD *(*calculate_sign)(void);
+#endif
+ int (*calculate)(const char *name,
+ const struct image_region region[],
+ int region_count, uint8_t *checksum);
+ const uint8_t *rsa_padding;
+};
+
+struct image_sig_algo {
+ const char *name; /* Name of algorithm */
+
+ /**
+ * sign() - calculate and return signature for given input data
+ *
+ * @info: Specifies key and FIT information
+ * @data: Pointer to the input data
+ * @data_len: Data length
+ * @sigp: Set to an allocated buffer holding the signature
+ * @sig_len: Set to length of the calculated hash
+ *
+ * This computes input data signature according to selected algorithm.
+ * Resulting signature value is placed in an allocated buffer, the
+ * pointer is returned as *sigp. The length of the calculated
+ * signature is returned via the sig_len pointer argument. The caller
+ * should free *sigp.
+ *
+ * @return: 0, on success, -ve on error
+ */
+ int (*sign)(struct image_sign_info *info,
+ const struct image_region region[],
+ int region_count, uint8_t **sigp, uint *sig_len);
+
+ /**
+ * add_verify_data() - Add verification information to FDT
+ *
+ * Add public key information to the FDT node, suitable for
+ * verification at run-time. The information added depends on the
+ * algorithm being used.
+ *
+ * @info: Specifies key and FIT information
+ * @keydest: Destination FDT blob for public key data
+ * @return: 0, on success, -ve on error
+ */
+ int (*add_verify_data)(struct image_sign_info *info, void *keydest);
+
+ /**
+ * verify() - Verify a signature against some data
+ *
+ * @info: Specifies key and FIT information
+ * @data: Pointer to the input data
+ * @data_len: Data length
+ * @sig: Signature
+ * @sig_len: Number of bytes in signature
+ * @return 0 if verified, -ve on error
+ */
+ int (*verify)(struct image_sign_info *info,
+ const struct image_region region[], int region_count,
+ uint8_t *sig, uint sig_len);
+
+ /* pointer to checksum algorithm */
+ struct checksum_algo *checksum;
+};
+
+/**
+ * image_get_sig_algo() - Look up a signature algortihm
+ *
+ * @param name Name of algorithm
+ * @return pointer to algorithm information, or NULL if not found
+ */
+struct image_sig_algo *image_get_sig_algo(const char *name);
+
+/**
+ * fit_image_verify_required_sigs() - Verify signatures marked as 'required'
+ *
+ * @fit: FIT to check
+ * @image_noffset: Offset of image node to check
+ * @data: Image data to check
+ * @size: Size of image data
+ * @sig_blob: FDT containing public keys
+ * @no_sigsp: Returns 1 if no signatures were required, and
+ * therefore nothing was checked. The caller may wish
+ * to fall back to other mechanisms, or refuse to
+ * boot.
+ * @return 0 if all verified ok, <0 on error
+ */
+int fit_image_verify_required_sigs(const void *fit, int image_noffset,
+ const char *data, size_t size, const void *sig_blob,
+ int *no_sigsp);
+
+/**
+ * fit_image_check_sig() - Check a single image signature node
+ *
+ * @fit: FIT to check
+ * @noffset: Offset of signature node to check
+ * @data: Image data to check
+ * @size: Size of image data
+ * @required_keynode: Offset in the control FDT of the required key node,
+ * if any. If this is given, then the image wil not
+ * pass verification unless that key is used. If this is
+ * -1 then any signature will do.
+ * @err_msgp: In the event of an error, this will be pointed to a
+ * help error string to display to the user.
+ * @return 0 if all verified ok, <0 on error
+ */
+int fit_image_check_sig(const void *fit, int noffset, const void *data,
+ size_t size, int required_keynode, char **err_msgp);
+
+/**
+ * fit_region_make_list() - Make a list of regions to hash
+ *
+ * Given a list of FIT regions (offset, size) provided by libfdt, create
+ * a list of regions (void *, size) for use by the signature creationg
+ * and verification code.
+ *
+ * @fit: FIT image to process
+ * @fdt_regions: Regions as returned by libfdt
+ * @count: Number of regions returned by libfdt
+ * @region: Place to put list of regions (NULL to allocate it)
+ * @return pointer to list of regions, or NULL if out of memory
+ */
+struct image_region *fit_region_make_list(const void *fit,
+ struct fdt_region *fdt_regions, int count,
+ struct image_region *region);
+
static inline int fit_image_check_target_arch(const void *fdt, int node)
{
+#ifndef USE_HOSTCC
return fit_image_check_arch(fdt, node, IH_ARCH_DEFAULT);
+#else
+ return 0;
+#endif
}
#ifdef CONFIG_FIT_VERBOSE
#endif /* CONFIG_FIT_VERBOSE */
#endif /* CONFIG_FIT */
+#if defined(CONFIG_ANDROID_BOOT_IMAGE)
+struct andr_img_hdr;
+int android_image_check_header(const struct andr_img_hdr *hdr);
+int android_image_get_kernel(const struct andr_img_hdr *hdr, int verify,
+ ulong *os_data, ulong *os_len);
+int android_image_get_ramdisk(const struct andr_img_hdr *hdr,
+ ulong *rd_data, ulong *rd_len);
+ulong android_image_get_end(const struct andr_img_hdr *hdr);
+ulong android_image_get_kload(const struct andr_img_hdr *hdr);
+
+#endif /* CONFIG_ANDROID_BOOT_IMAGE */
+
#endif /* __IMAGE_H__ */