diff options
| author | Tom Rini <trini@konsulko.com> | 2021-01-23 09:55:35 -0500 |
|---|---|---|
| committer | Tom Rini <trini@konsulko.com> | 2021-01-23 09:55:35 -0500 |
| commit | 757cec3a0314e88ca90bcc43589a065b7f76a57e (patch) | |
| tree | 2cb185c23e27ea7b8586b165c3455bf747d53ed8 | |
| parent | b577bc1c5fac9b15a075459a9841ef9ede1f1b80 (diff) | |
| parent | 09779488a924dbc4eb3b4ae145632f22b7f5a36c (diff) | |
| download | u-boot-757cec3a0314e88ca90bcc43589a065b7f76a57e.tar.gz | |
Merge branch '2021-01-22-tool-updates'
- Assorted updates to the tools/ code
| -rw-r--r-- | common/image-fit-sig.c | 14 | ||||
| -rw-r--r-- | common/image-fit.c | 15 | ||||
| -rw-r--r-- | tools/Makefile | 2 | ||||
| -rw-r--r-- | tools/env/fw_env.c | 2 | ||||
| -rw-r--r-- | tools/image-host.c | 152 | ||||
| -rw-r--r-- | tools/mkimage.c | 11 |
6 files changed, 112 insertions, 84 deletions
diff --git a/common/image-fit-sig.c b/common/image-fit-sig.c index 5401d9411b9..d39741e9058 100644 --- a/common/image-fit-sig.c +++ b/common/image-fit-sig.c @@ -19,20 +19,6 @@ DECLARE_GLOBAL_DATA_PTR; #define IMAGE_MAX_HASHED_NODES 100 -#ifdef USE_HOSTCC -void *host_blob; - -void image_set_host_blob(void *blob) -{ - host_blob = blob; -} - -void *image_get_host_blob(void) -{ - return host_blob; -} -#endif - /** * fit_region_make_list() - Make a list of image regions * diff --git a/common/image-fit.c b/common/image-fit.c index 21c44bdf691..8660c3fd819 100644 --- a/common/image-fit.c +++ b/common/image-fit.c @@ -112,6 +112,21 @@ int fit_parse_subimage(const char *spec, ulong addr_curr, } #endif /* !USE_HOSTCC */ +#ifdef USE_HOSTCC +/* Host tools use these implementations for Cipher and Signature support */ +static void *host_blob; + +void image_set_host_blob(void *blob) +{ + host_blob = blob; +} + +void *image_get_host_blob(void) +{ + return host_blob; +} +#endif /* USE_HOSTCC */ + static void fit_get_debug(const void *fit, int noffset, char *prop_name, int err) { diff --git a/tools/Makefile b/tools/Makefile index 9b1aa51b10a..2d550432ba5 100644 --- a/tools/Makefile +++ b/tools/Makefile @@ -155,7 +155,7 @@ HOSTCFLAGS_kwbimage.o += -DCONFIG_KWB_SECURE endif # MXSImage needs LibSSL -ifneq ($(CONFIG_MX23)$(CONFIG_MX28)$(CONFIG_ARMADA_38X)$(CONFIG_ARMADA_39X)$(CONFIG_FIT_SIGNATURE),) +ifneq ($(CONFIG_MX23)$(CONFIG_MX28)$(CONFIG_ARMADA_38X)$(CONFIG_ARMADA_39X)$(CONFIG_FIT_SIGNATURE)$(CONFIG_FIT_CIPHER),) HOSTCFLAGS_kwbimage.o += \ $(shell pkg-config --cflags libssl libcrypto 2> /dev/null || echo "") HOSTLDLIBS_mkimage += \ diff --git a/tools/env/fw_env.c b/tools/env/fw_env.c index 66cb9d2a25e..2a61a5d6f04 100644 --- a/tools/env/fw_env.c +++ b/tools/env/fw_env.c @@ -1208,7 +1208,7 @@ static int flash_write(int fd_current, int fd_target, int dev_target) if (IS_UBI(dev_target)) { if (ubi_update_start(fd_target, CUR_ENVSIZE) < 0) - return 0; + return -1; return ubi_write(fd_target, environment.image, CUR_ENVSIZE); } diff --git a/tools/image-host.c b/tools/image-host.c index e32cc642579..33a224129a0 100644 --- a/tools/image-host.c +++ b/tools/image-host.c @@ -700,13 +700,84 @@ static const char *fit_config_get_image_list(void *fit, int noffset, return default_list; } +static int fit_config_add_hash(void *fit, const char *conf_name, const char *sig_name, + struct strlist *node_inc, const char *iname, int image_noffset) +{ + char name[200], path[200]; + int noffset; + int hash_count; + int ret; + + ret = fdt_get_path(fit, image_noffset, path, sizeof(path)); + if (ret < 0) + goto err_path; + if (strlist_add(node_inc, path)) + goto err_mem; + + snprintf(name, sizeof(name), "%s/%s", FIT_CONFS_PATH, + conf_name); + + /* Add all this image's hashes */ + hash_count = 0; + for (noffset = fdt_first_subnode(fit, image_noffset); + noffset >= 0; + noffset = fdt_next_subnode(fit, noffset)) { + const char *name = fit_get_name(fit, noffset, NULL); + + if (strncmp(name, FIT_HASH_NODENAME, + strlen(FIT_HASH_NODENAME))) + continue; + ret = fdt_get_path(fit, noffset, path, sizeof(path)); + if (ret < 0) + goto err_path; + if (strlist_add(node_inc, path)) + goto err_mem; + hash_count++; + } + + if (!hash_count) { + printf("Failed to find any hash nodes in configuration '%s/%s' image '%s' - without these it is not possible to verify this image\n", + conf_name, sig_name, iname); + return -ENOMSG; + } + + /* Add this image's cipher node if present */ + noffset = fdt_subnode_offset(fit, image_noffset, + FIT_CIPHER_NODENAME); + if (noffset != -FDT_ERR_NOTFOUND) { + if (noffset < 0) { + printf("Failed to get cipher node in configuration '%s/%s' image '%s': %s\n", + conf_name, sig_name, iname, + fdt_strerror(noffset)); + return -EIO; + } + ret = fdt_get_path(fit, noffset, path, sizeof(path)); + if (ret < 0) + goto err_path; + if (strlist_add(node_inc, path)) + goto err_mem; + } + + return 0; + +err_mem: + printf("Out of memory processing configuration '%s/%s'\n", conf_name, + sig_name); + return -ENOMEM; + +err_path: + printf("Failed to get path for image '%s' in configuration '%s/%s': %s\n", + iname, conf_name, sig_name, fdt_strerror(ret)); + return -ENOENT; +} + static int fit_config_get_hash_list(void *fit, int conf_noffset, int sig_offset, struct strlist *node_inc) { int allow_missing; const char *prop, *iname, *end; const char *conf_name, *sig_name; - char name[200], path[200]; + char name[200]; int image_count; int ret, len; @@ -733,72 +804,32 @@ static int fit_config_get_hash_list(void *fit, int conf_noffset, end = prop + len; image_count = 0; for (iname = prop; iname < end; iname += strlen(iname) + 1) { - int noffset; int image_noffset; - int hash_count; + int index, max_index; - image_noffset = fit_conf_get_prop_node(fit, conf_noffset, - iname); - if (image_noffset < 0) { - printf("Failed to find image '%s' in configuration '%s/%s'\n", - iname, conf_name, sig_name); - if (allow_missing) - continue; + max_index = fdt_stringlist_count(fit, conf_noffset, iname); - return -ENOENT; - } - - ret = fdt_get_path(fit, image_noffset, path, sizeof(path)); - if (ret < 0) - goto err_path; - if (strlist_add(node_inc, path)) - goto err_mem; + for (index = 0; index < max_index; index++) { + image_noffset = fit_conf_get_prop_node_index(fit, conf_noffset, + iname, index); - snprintf(name, sizeof(name), "%s/%s", FIT_CONFS_PATH, - conf_name); + if (image_noffset < 0) { + printf("Failed to find image '%s' in configuration '%s/%s'\n", + iname, conf_name, sig_name); + if (allow_missing) + continue; - /* Add all this image's hashes */ - hash_count = 0; - for (noffset = fdt_first_subnode(fit, image_noffset); - noffset >= 0; - noffset = fdt_next_subnode(fit, noffset)) { - const char *name = fit_get_name(fit, noffset, NULL); + return -ENOENT; + } - if (strncmp(name, FIT_HASH_NODENAME, - strlen(FIT_HASH_NODENAME))) - continue; - ret = fdt_get_path(fit, noffset, path, sizeof(path)); + ret = fit_config_add_hash(fit, conf_name, + sig_name, node_inc, + iname, image_noffset); if (ret < 0) - goto err_path; - if (strlist_add(node_inc, path)) - goto err_mem; - hash_count++; - } + return ret; - if (!hash_count) { - printf("Failed to find any hash nodes in configuration '%s/%s' image '%s' - without these it is not possible to verify this image\n", - conf_name, sig_name, iname); - return -ENOMSG; + image_count++; } - - /* Add this image's cipher node if present */ - noffset = fdt_subnode_offset(fit, image_noffset, - FIT_CIPHER_NODENAME); - if (noffset != -FDT_ERR_NOTFOUND) { - if (noffset < 0) { - printf("Failed to get cipher node in configuration '%s/%s' image '%s': %s\n", - conf_name, sig_name, iname, - fdt_strerror(noffset)); - return -EIO; - } - ret = fdt_get_path(fit, noffset, path, sizeof(path)); - if (ret < 0) - goto err_path; - if (strlist_add(node_inc, path)) - goto err_mem; - } - - image_count++; } if (!image_count) { @@ -813,11 +844,6 @@ err_mem: printf("Out of memory processing configuration '%s/%s'\n", conf_name, sig_name); return -ENOMEM; - -err_path: - printf("Failed to get path for image '%s' in configuration '%s/%s': %s\n", - iname, conf_name, sig_name, fdt_strerror(ret)); - return -ENOENT; } static int fit_config_get_data(void *fit, int conf_noffset, int noffset, diff --git a/tools/mkimage.c b/tools/mkimage.c index e78608293e7..68d5206cb4f 100644 --- a/tools/mkimage.c +++ b/tools/mkimage.c @@ -94,18 +94,18 @@ static void usage(const char *msg) " -x ==> set XIP (execute in place)\n", params.cmdname); fprintf(stderr, - " %s [-D dtc_options] [-f fit-image.its|-f auto|-F] [-b <dtb> [-b <dtb>]] [-i <ramdisk.cpio.gz>] fit-image\n" + " %s [-D dtc_options] [-f fit-image.its|-f auto|-F] [-b <dtb> [-b <dtb>]] [-E] [-B size] [-i <ramdisk.cpio.gz>] fit-image\n" " <dtb> file is used with -f auto, it may occur multiple times.\n", params.cmdname); fprintf(stderr, " -D => set all options for device tree compiler\n" " -f => input filename for FIT source\n" - " -i => input filename for ramdisk file\n"); + " -i => input filename for ramdisk file\n" + " -E => place data outside of the FIT structure\n" + " -B => align size in hex for FIT structure and header\n"); #ifdef CONFIG_FIT_SIGNATURE fprintf(stderr, - "Signing / verified boot options: [-E] [-B size] [-k keydir] [-K dtb] [ -c <comment>] [-p addr] [-r] [-N engine]\n" - " -E => place data outside of the FIT structure\n" - " -B => align size in hex for FIT structure and header\n" + "Signing / verified boot options: [-k keydir] [-K dtb] [ -c <comment>] [-p addr] [-r] [-N engine]\n" " -k => set directory containing private keys\n" " -K => write public keys to this .dtb file\n" " -c => add comment in signature node\n" @@ -142,6 +142,7 @@ static int add_content(int type, const char *fname) return 0; } +#define OPT_STRING "a:A:b:B:c:C:d:D:e:Ef:Fk:i:K:ln:N:p:O:rR:qstT:vVx" static void process_args(int argc, char **argv) { char *ptr; |