1 /*
2 * Copyright (c) 2013, Google Inc.
3 *
4 * (C) Copyright 2008 Semihalf
5 *
6 * (C) Copyright 2000-2006
7 * Wolfgang Denk, DENX Software Engineering, wd@denx.de.
8 *
9 * SPDX-License-Identifier: GPL-2.0+
10 */
11
12 #ifdef USE_HOSTCC
13 #include "mkimage.h"
14 #include <time.h>
15 #else
16 #include <linux/compiler.h>
17 #include <linux/kconfig.h>
18 #include <common.h>
19 #include <errno.h>
20 #include <mapmem.h>
21 #include <asm/io.h>
22 #include <malloc.h>
23 #include <crypto.h>
24
25 DECLARE_GLOBAL_DATA_PTR;
26 #endif /* !USE_HOSTCC*/
27
28 #include <image.h>
29 #include <bootstage.h>
30 #include <u-boot/crc.h>
31 #include <u-boot/md5.h>
32 #include <u-boot/sha1.h>
33 #include <u-boot/sha256.h>
34 #ifdef CONFIG_OPTEE_CLIENT
35 #include <optee_include/OpteeClientInterface.h>
36 #endif
37
38 #define __round_mask(x, y) ((__typeof__(x))((y)-1))
39 #define round_up(x, y) ((((x)-1) | __round_mask(x, y))+1)
40
41 /*****************************************************************************/
42 /* New uImage format routines */
43 /*****************************************************************************/
44 #ifndef USE_HOSTCC
fit_parse_spec(const char * spec,char sepc,ulong addr_curr,ulong * addr,const char ** name)45 static int fit_parse_spec(const char *spec, char sepc, ulong addr_curr,
46 ulong *addr, const char **name)
47 {
48 const char *sep;
49
50 *addr = addr_curr;
51 *name = NULL;
52
53 sep = strchr(spec, sepc);
54 if (sep) {
55 if (sep - spec > 0)
56 *addr = simple_strtoul(spec, NULL, 16);
57
58 *name = sep + 1;
59 return 1;
60 }
61
62 return 0;
63 }
64
65 /**
66 * fit_parse_conf - parse FIT configuration spec
67 * @spec: input string, containing configuration spec
68 * @add_curr: current image address (to be used as a possible default)
69 * @addr: pointer to a ulong variable, will hold FIT image address of a given
70 * configuration
71 * @conf_name double pointer to a char, will hold pointer to a configuration
72 * unit name
73 *
74 * fit_parse_conf() expects configuration spec in the form of [<addr>]#<conf>,
75 * where <addr> is a FIT image address that contains configuration
76 * with a <conf> unit name.
77 *
78 * Address part is optional, and if omitted default add_curr will
79 * be used instead.
80 *
81 * returns:
82 * 1 if spec is a valid configuration string,
83 * addr and conf_name are set accordingly
84 * 0 otherwise
85 */
fit_parse_conf(const char * spec,ulong addr_curr,ulong * addr,const char ** conf_name)86 int fit_parse_conf(const char *spec, ulong addr_curr,
87 ulong *addr, const char **conf_name)
88 {
89 return fit_parse_spec(spec, '#', addr_curr, addr, conf_name);
90 }
91
92 /**
93 * fit_parse_subimage - parse FIT subimage spec
94 * @spec: input string, containing subimage spec
95 * @add_curr: current image address (to be used as a possible default)
96 * @addr: pointer to a ulong variable, will hold FIT image address of a given
97 * subimage
98 * @image_name: double pointer to a char, will hold pointer to a subimage name
99 *
100 * fit_parse_subimage() expects subimage spec in the form of
101 * [<addr>]:<subimage>, where <addr> is a FIT image address that contains
102 * subimage with a <subimg> unit name.
103 *
104 * Address part is optional, and if omitted default add_curr will
105 * be used instead.
106 *
107 * returns:
108 * 1 if spec is a valid subimage string,
109 * addr and image_name are set accordingly
110 * 0 otherwise
111 */
fit_parse_subimage(const char * spec,ulong addr_curr,ulong * addr,const char ** image_name)112 int fit_parse_subimage(const char *spec, ulong addr_curr,
113 ulong *addr, const char **image_name)
114 {
115 return fit_parse_spec(spec, ':', addr_curr, addr, image_name);
116 }
117 #endif /* !USE_HOSTCC */
118
fit_get_debug(const void * fit,int noffset,char * prop_name,int err)119 static void fit_get_debug(const void *fit, int noffset,
120 char *prop_name, int err)
121 {
122 debug("Can't get '%s' property from FIT 0x%08lx, node: offset %d, name %s (%s)\n",
123 prop_name, (ulong)fit, noffset, fit_get_name(fit, noffset, NULL),
124 fdt_strerror(err));
125 }
126
127 /**
128 * fit_get_subimage_count - get component (sub-image) count
129 * @fit: pointer to the FIT format image header
130 * @images_noffset: offset of images node
131 *
132 * returns:
133 * number of image components
134 */
fit_get_subimage_count(const void * fit,int images_noffset)135 int fit_get_subimage_count(const void *fit, int images_noffset)
136 {
137 int noffset;
138 int ndepth;
139 int count = 0;
140
141 /* Process its subnodes, print out component images details */
142 for (ndepth = 0, count = 0,
143 noffset = fdt_next_node(fit, images_noffset, &ndepth);
144 (noffset >= 0) && (ndepth > 0);
145 noffset = fdt_next_node(fit, noffset, &ndepth)) {
146 if (ndepth == 1) {
147 count++;
148 }
149 }
150
151 return count;
152 }
153
154 #if !defined(CONFIG_SPL_BUILD) || defined(CONFIG_FIT_SPL_PRINT)
155 /**
156 * fit_print_contents - prints out the contents of the FIT format image
157 * @fit: pointer to the FIT format image header
158 * @p: pointer to prefix string
159 *
160 * fit_print_contents() formats a multi line FIT image contents description.
161 * The routine prints out FIT image properties (root node level) followed by
162 * the details of each component image.
163 *
164 * returns:
165 * no returned results
166 */
fit_print_contents(const void * fit)167 void fit_print_contents(const void *fit)
168 {
169 char *desc;
170 char *uname;
171 int images_noffset;
172 int confs_noffset;
173 int noffset;
174 int ndepth;
175 int count = 0;
176 int ret;
177 const char *p;
178 time_t timestamp;
179
180 /* Indent string is defined in header image.h */
181 p = IMAGE_INDENT_STRING;
182
183 /* Root node properties */
184 ret = fit_get_desc(fit, 0, &desc);
185 printf("%sFIT description: ", p);
186 if (ret)
187 printf("unavailable\n");
188 else
189 printf("%s\n", desc);
190
191 if (IMAGE_ENABLE_TIMESTAMP) {
192 ret = fit_get_timestamp(fit, 0, ×tamp);
193 printf("%sCreated: ", p);
194 if (ret)
195 printf("unavailable\n");
196 else
197 genimg_print_time(timestamp);
198 }
199
200 /* Find images parent node offset */
201 images_noffset = fdt_path_offset(fit, FIT_IMAGES_PATH);
202 if (images_noffset < 0) {
203 printf("Can't find images parent node '%s' (%s)\n",
204 FIT_IMAGES_PATH, fdt_strerror(images_noffset));
205 return;
206 }
207
208 /* Process its subnodes, print out component images details */
209 for (ndepth = 0, count = 0,
210 noffset = fdt_next_node(fit, images_noffset, &ndepth);
211 (noffset >= 0) && (ndepth > 0);
212 noffset = fdt_next_node(fit, noffset, &ndepth)) {
213 if (ndepth == 1) {
214 /*
215 * Direct child node of the images parent node,
216 * i.e. component image node.
217 */
218 printf("%s Image %u (%s)\n", p, count++,
219 fit_get_name(fit, noffset, NULL));
220
221 fit_image_print(fit, noffset, p);
222 }
223 }
224
225 /* Find configurations parent node offset */
226 confs_noffset = fdt_path_offset(fit, FIT_CONFS_PATH);
227 if (confs_noffset < 0) {
228 debug("Can't get configurations parent node '%s' (%s)\n",
229 FIT_CONFS_PATH, fdt_strerror(confs_noffset));
230 return;
231 }
232
233 /* get default configuration unit name from default property */
234 uname = (char *)fdt_getprop(fit, noffset, FIT_DEFAULT_PROP, NULL);
235 if (uname)
236 printf("%s Default Configuration: '%s'\n", p, uname);
237
238 /* Process its subnodes, print out configurations details */
239 for (ndepth = 0, count = 0,
240 noffset = fdt_next_node(fit, confs_noffset, &ndepth);
241 (noffset >= 0) && (ndepth > 0);
242 noffset = fdt_next_node(fit, noffset, &ndepth)) {
243 if (ndepth == 1) {
244 /*
245 * Direct child node of the configurations parent node,
246 * i.e. configuration node.
247 */
248 printf("%s Configuration %u (%s)\n", p, count++,
249 fit_get_name(fit, noffset, NULL));
250
251 fit_conf_print(fit, noffset, p);
252 }
253 }
254 }
255
256 /**
257 * fit_image_print_data() - prints out the hash node details
258 * @fit: pointer to the FIT format image header
259 * @noffset: offset of the hash node
260 * @p: pointer to prefix string
261 * @type: Type of information to print ("hash" or "sign")
262 *
263 * fit_image_print_data() lists properties for the processed hash node
264 *
265 * This function avoid using puts() since it prints a newline on the host
266 * but does not in U-Boot.
267 *
268 * returns:
269 * no returned results
270 */
fit_image_print_data(const void * fit,int noffset,const char * p,const char * type)271 static void fit_image_print_data(const void *fit, int noffset, const char *p,
272 const char *type)
273 {
274 const char *keyname;
275 uint8_t *value;
276 int value_len;
277 char *algo;
278 int required;
279 int ret, i;
280
281 debug("%s %s node: '%s'\n", p, type,
282 fit_get_name(fit, noffset, NULL));
283 printf("%s %s algo: ", p, type);
284 if (fit_image_hash_get_algo(fit, noffset, &algo)) {
285 printf("invalid/unsupported\n");
286 return;
287 }
288 printf("%s", algo);
289 keyname = fdt_getprop(fit, noffset, "key-name-hint", NULL);
290 required = fdt_getprop(fit, noffset, "required", NULL) != NULL;
291 if (keyname)
292 printf(":%s", keyname);
293 if (required)
294 printf(" (required)");
295 printf("\n");
296
297 ret = fit_image_hash_get_value(fit, noffset, &value,
298 &value_len);
299 printf("%s %s value: ", p, type);
300 if (ret) {
301 printf("unavailable\n");
302 } else {
303 for (i = 0; i < value_len; i++)
304 printf("%02x", value[i]);
305 printf("\n");
306 }
307
308 debug("%s %s len: %d\n", p, type, value_len);
309
310 /* Signatures have a time stamp */
311 if (IMAGE_ENABLE_TIMESTAMP && keyname) {
312 time_t timestamp;
313
314 printf("%s Timestamp: ", p);
315 if (fit_get_timestamp(fit, noffset, ×tamp))
316 printf("unavailable\n");
317 else
318 genimg_print_time(timestamp);
319 }
320 }
321
322 /**
323 * fit_image_print_verification_data() - prints out the hash/signature details
324 * @fit: pointer to the FIT format image header
325 * @noffset: offset of the hash or signature node
326 * @p: pointer to prefix string
327 *
328 * This lists properties for the processed hash node
329 *
330 * returns:
331 * no returned results
332 */
fit_image_print_verification_data(const void * fit,int noffset,const char * p)333 static void fit_image_print_verification_data(const void *fit, int noffset,
334 const char *p)
335 {
336 const char *name;
337
338 /*
339 * Check subnode name, must be equal to "hash" or "signature".
340 * Multiple hash/signature nodes require unique unit node
341 * names, e.g. hash@1, hash@2, signature@1, signature@2, etc.
342 */
343 name = fit_get_name(fit, noffset, NULL);
344 if (!strncmp(name, FIT_HASH_NODENAME, strlen(FIT_HASH_NODENAME))) {
345 fit_image_print_data(fit, noffset, p, "Hash");
346 } else if (!strncmp(name, FIT_SIG_NODENAME,
347 strlen(FIT_SIG_NODENAME))) {
348 fit_image_print_data(fit, noffset, p, "Sign");
349 }
350 }
351
352 /**
353 * fit_image_print - prints out the FIT component image details
354 * @fit: pointer to the FIT format image header
355 * @image_noffset: offset of the component image node
356 * @p: pointer to prefix string
357 *
358 * fit_image_print() lists all mandatory properties for the processed component
359 * image. If present, hash nodes are printed out as well. Load
360 * address for images of type firmware is also printed out. Since the load
361 * address is not mandatory for firmware images, it will be output as
362 * "unavailable" when not present.
363 *
364 * returns:
365 * no returned results
366 */
fit_image_print(const void * fit,int image_noffset,const char * p)367 void fit_image_print(const void *fit, int image_noffset, const char *p)
368 {
369 char *desc;
370 uint8_t type, arch, os, comp;
371 size_t size;
372 ulong load, entry;
373 const void *data;
374 int noffset;
375 int ndepth;
376 int ret;
377
378 /* Mandatory properties */
379 ret = fit_get_desc(fit, image_noffset, &desc);
380 printf("%s Description: ", p);
381 if (ret)
382 printf("unavailable\n");
383 else
384 printf("%s\n", desc);
385
386 if (IMAGE_ENABLE_TIMESTAMP) {
387 time_t timestamp;
388
389 ret = fit_get_timestamp(fit, 0, ×tamp);
390 printf("%s Created: ", p);
391 if (ret)
392 printf("unavailable\n");
393 else
394 genimg_print_time(timestamp);
395 }
396
397 fit_image_get_type(fit, image_noffset, &type);
398 printf("%s Type: %s\n", p, genimg_get_type_name(type));
399
400 fit_image_get_comp(fit, image_noffset, &comp);
401 printf("%s Compression: %s\n", p, genimg_get_comp_name(comp));
402
403 ret = fit_image_get_data(fit, image_noffset, &data, &size);
404
405 #ifndef USE_HOSTCC
406 printf("%s Data Start: ", p);
407 if (ret) {
408 printf("unavailable\n");
409 } else {
410 void *vdata = (void *)data;
411
412 printf("0x%08lx\n", (ulong)map_to_sysmem(vdata));
413 }
414 #endif
415
416 printf("%s Data Size: ", p);
417 if (ret)
418 printf("unavailable\n");
419 else
420 genimg_print_size(size);
421
422 /* Remaining, type dependent properties */
423 if ((type == IH_TYPE_KERNEL) || (type == IH_TYPE_STANDALONE) ||
424 (type == IH_TYPE_RAMDISK) || (type == IH_TYPE_FIRMWARE) ||
425 (type == IH_TYPE_FLATDT)) {
426 fit_image_get_arch(fit, image_noffset, &arch);
427 printf("%s Architecture: %s\n", p, genimg_get_arch_name(arch));
428 }
429
430 if ((type == IH_TYPE_KERNEL) || (type == IH_TYPE_RAMDISK)) {
431 fit_image_get_os(fit, image_noffset, &os);
432 printf("%s OS: %s\n", p, genimg_get_os_name(os));
433 }
434
435 if ((type == IH_TYPE_KERNEL) || (type == IH_TYPE_STANDALONE) ||
436 (type == IH_TYPE_FIRMWARE) || (type == IH_TYPE_RAMDISK) ||
437 (type == IH_TYPE_FPGA)) {
438 ret = fit_image_get_load(fit, image_noffset, &load);
439 printf("%s Load Address: ", p);
440 if (ret)
441 printf("unavailable\n");
442 else
443 printf("0x%08lx\n", load);
444 }
445
446 /* optional load address for FDT */
447 if (type == IH_TYPE_FLATDT && !fit_image_get_load(fit, image_noffset, &load))
448 printf("%s Load Address: 0x%08lx\n", p, load);
449
450 if ((type == IH_TYPE_KERNEL) || (type == IH_TYPE_STANDALONE) ||
451 (type == IH_TYPE_RAMDISK)) {
452 ret = fit_image_get_entry(fit, image_noffset, &entry);
453 printf("%s Entry Point: ", p);
454 if (ret)
455 printf("unavailable\n");
456 else
457 printf("0x%08lx\n", entry);
458 }
459
460 /* Process all hash subnodes of the component image node */
461 for (ndepth = 0, noffset = fdt_next_node(fit, image_noffset, &ndepth);
462 (noffset >= 0) && (ndepth > 0);
463 noffset = fdt_next_node(fit, noffset, &ndepth)) {
464 if (ndepth == 1) {
465 /* Direct child node of the component image node */
466 fit_image_print_verification_data(fit, noffset, p);
467 }
468 }
469 }
470
471 #endif /* !defined(CONFIG_SPL_BUILD) || defined(CONFIG_FIT_SPL_PRINT) */
472
473 /**
474 * fit_get_desc - get node description property
475 * @fit: pointer to the FIT format image header
476 * @noffset: node offset
477 * @desc: double pointer to the char, will hold pointer to the description
478 *
479 * fit_get_desc() reads description property from a given node, if
480 * description is found pointer to it is returned in third call argument.
481 *
482 * returns:
483 * 0, on success
484 * -1, on failure
485 */
fit_get_desc(const void * fit,int noffset,char ** desc)486 int fit_get_desc(const void *fit, int noffset, char **desc)
487 {
488 int len;
489
490 *desc = (char *)fdt_getprop(fit, noffset, FIT_DESC_PROP, &len);
491 if (*desc == NULL) {
492 fit_get_debug(fit, noffset, FIT_DESC_PROP, len);
493 return -1;
494 }
495
496 return 0;
497 }
498
499 /**
500 * fit_get_timestamp - get node timestamp property
501 * @fit: pointer to the FIT format image header
502 * @noffset: node offset
503 * @timestamp: pointer to the time_t, will hold read timestamp
504 *
505 * fit_get_timestamp() reads timestamp property from given node, if timestamp
506 * is found and has a correct size its value is returned in third call
507 * argument.
508 *
509 * returns:
510 * 0, on success
511 * -1, on property read failure
512 * -2, on wrong timestamp size
513 */
fit_get_timestamp(const void * fit,int noffset,time_t * timestamp)514 int fit_get_timestamp(const void *fit, int noffset, time_t *timestamp)
515 {
516 int len;
517 const void *data;
518
519 data = fdt_getprop(fit, noffset, FIT_TIMESTAMP_PROP, &len);
520 if (data == NULL) {
521 fit_get_debug(fit, noffset, FIT_TIMESTAMP_PROP, len);
522 return -1;
523 }
524 if (len != sizeof(uint32_t)) {
525 debug("FIT timestamp with incorrect size of (%u)\n", len);
526 return -2;
527 }
528
529 *timestamp = uimage_to_cpu(*((uint32_t *)data));
530 return 0;
531 }
532
533 /**
534 * fit_get_totalsize - get node totalsize property.
535 *
536 * @fit: pointer to the FIT image header
537 * @totalsize: holds the /totalsize property
538 *
539 * returns:
540 * 0, on success
541 * -ENOENT if the property could not be found
542 */
fit_get_totalsize(const void * fit,int * totalsize)543 int fit_get_totalsize(const void *fit, int *totalsize)
544 {
545 const fdt32_t *val;
546
547 val = fdt_getprop(fit, 0, FIT_TOTALSIZE_PROP, NULL);
548 if (!val)
549 return -ENOENT;
550
551 *totalsize = fdt32_to_cpu(*val);
552
553 return 0;
554 }
555
556 /**
557 * fit_image_get_node - get node offset for component image of a given unit name
558 * @fit: pointer to the FIT format image header
559 * @image_uname: component image node unit name
560 *
561 * fit_image_get_node() finds a component image (within the '/images'
562 * node) of a provided unit name. If image is found its node offset is
563 * returned to the caller.
564 *
565 * returns:
566 * image node offset when found (>=0)
567 * negative number on failure (FDT_ERR_* code)
568 */
fit_image_get_node(const void * fit,const char * image_uname)569 int fit_image_get_node(const void *fit, const char *image_uname)
570 {
571 int noffset, images_noffset;
572
573 images_noffset = fdt_path_offset(fit, FIT_IMAGES_PATH);
574 if (images_noffset < 0) {
575 debug("Can't find images parent node '%s' (%s)\n",
576 FIT_IMAGES_PATH, fdt_strerror(images_noffset));
577 return images_noffset;
578 }
579
580 noffset = fdt_subnode_offset(fit, images_noffset, image_uname);
581 if (noffset < 0) {
582 debug("Can't get node offset for image unit name: '%s' (%s)\n",
583 image_uname, fdt_strerror(noffset));
584 }
585
586 return noffset;
587 }
588
589 /**
590 * fit_image_get_os - get os id for a given component image node
591 * @fit: pointer to the FIT format image header
592 * @noffset: component image node offset
593 * @os: pointer to the uint8_t, will hold os numeric id
594 *
595 * fit_image_get_os() finds os property in a given component image node.
596 * If the property is found, its (string) value is translated to the numeric
597 * id which is returned to the caller.
598 *
599 * returns:
600 * 0, on success
601 * -1, on failure
602 */
fit_image_get_os(const void * fit,int noffset,uint8_t * os)603 int fit_image_get_os(const void *fit, int noffset, uint8_t *os)
604 {
605 int len;
606 const void *data;
607
608 /* Get OS name from property data */
609 data = fdt_getprop(fit, noffset, FIT_OS_PROP, &len);
610 if (data == NULL) {
611 fit_get_debug(fit, noffset, FIT_OS_PROP, len);
612 *os = -1;
613 return -1;
614 }
615
616 /* Translate OS name to id */
617 *os = genimg_get_os_id(data);
618 return 0;
619 }
620
621 /**
622 * fit_image_get_arch - get arch id for a given component image node
623 * @fit: pointer to the FIT format image header
624 * @noffset: component image node offset
625 * @arch: pointer to the uint8_t, will hold arch numeric id
626 *
627 * fit_image_get_arch() finds arch property in a given component image node.
628 * If the property is found, its (string) value is translated to the numeric
629 * id which is returned to the caller.
630 *
631 * returns:
632 * 0, on success
633 * -1, on failure
634 */
fit_image_get_arch(const void * fit,int noffset,uint8_t * arch)635 int fit_image_get_arch(const void *fit, int noffset, uint8_t *arch)
636 {
637 int len;
638 const void *data;
639
640 /* Get architecture name from property data */
641 data = fdt_getprop(fit, noffset, FIT_ARCH_PROP, &len);
642 if (data == NULL) {
643 fit_get_debug(fit, noffset, FIT_ARCH_PROP, len);
644 *arch = -1;
645 return -1;
646 }
647
648 /* Translate architecture name to id */
649 *arch = genimg_get_arch_id(data);
650 return 0;
651 }
652
653 /**
654 * fit_image_get_type - get type id for a given component image node
655 * @fit: pointer to the FIT format image header
656 * @noffset: component image node offset
657 * @type: pointer to the uint8_t, will hold type numeric id
658 *
659 * fit_image_get_type() finds type property in a given component image node.
660 * If the property is found, its (string) value is translated to the numeric
661 * id which is returned to the caller.
662 *
663 * returns:
664 * 0, on success
665 * -1, on failure
666 */
fit_image_get_type(const void * fit,int noffset,uint8_t * type)667 int fit_image_get_type(const void *fit, int noffset, uint8_t *type)
668 {
669 int len;
670 const void *data;
671
672 /* Get image type name from property data */
673 data = fdt_getprop(fit, noffset, FIT_TYPE_PROP, &len);
674 if (data == NULL) {
675 fit_get_debug(fit, noffset, FIT_TYPE_PROP, len);
676 *type = -1;
677 return -1;
678 }
679
680 /* Translate image type name to id */
681 *type = genimg_get_type_id(data);
682 return 0;
683 }
684
685 /**
686 * fit_image_get_comp - get comp id for a given component image node
687 * @fit: pointer to the FIT format image header
688 * @noffset: component image node offset
689 * @comp: pointer to the uint8_t, will hold comp numeric id
690 *
691 * fit_image_get_comp() finds comp property in a given component image node.
692 * If the property is found, its (string) value is translated to the numeric
693 * id which is returned to the caller.
694 *
695 * returns:
696 * 0, on success
697 * -1, on failure
698 */
fit_image_get_comp(const void * fit,int noffset,uint8_t * comp)699 int fit_image_get_comp(const void *fit, int noffset, uint8_t *comp)
700 {
701 int len;
702 const void *data;
703
704 /* Get compression name from property data */
705 data = fdt_getprop(fit, noffset, FIT_COMP_PROP, &len);
706 if (data == NULL) {
707 fit_get_debug(fit, noffset, FIT_COMP_PROP, len);
708 *comp = -1;
709 return -1;
710 }
711
712 /* Translate compression name to id */
713 *comp = genimg_get_comp_id(data);
714 return 0;
715 }
716
fit_image_is_preload(const void * fit,int noffset)717 bool fit_image_is_preload(const void *fit, int noffset)
718 {
719 int len;
720 int *data;
721
722 data = (int *)fdt_getprop(fit, noffset, FIT_PRE_LOAD_PROP, &len);
723 if (data == NULL || len != sizeof(int)) {
724 fit_get_debug(fit, noffset, FIT_PRE_LOAD_PROP, len);
725 return false;
726 }
727
728 if (fdt32_to_cpu(*data) != 1)
729 return false;
730
731 return true;
732 }
733
fit_image_get_address(const void * fit,int noffset,char * name,ulong * load)734 static int fit_image_get_address(const void *fit, int noffset, char *name,
735 ulong *load)
736 {
737 int len, cell_len;
738 const fdt32_t *cell;
739 uint64_t load64 = 0;
740
741 cell = fdt_getprop(fit, noffset, name, &len);
742 if (cell == NULL) {
743 fit_get_debug(fit, noffset, name, len);
744 return -1;
745 }
746
747 if (len > sizeof(ulong)) {
748 printf("Unsupported %s address size\n", name);
749 return -1;
750 }
751
752 cell_len = len >> 2;
753 /* Use load64 to avoid compiling warning for 32-bit target */
754 while (cell_len--) {
755 load64 = (load64 << 32) | uimage_to_cpu(*cell);
756 cell++;
757 }
758 *load = (ulong)load64;
759
760 return 0;
761 }
762
fit_image_set_address(const void * fit,int noffset,char * name,ulong addr)763 static int fit_image_set_address(const void *fit, int noffset, char *name,
764 ulong addr)
765 {
766 int len, cell_len;
767 const fdt32_t *cell;
768
769 cell = fdt_getprop(fit, noffset, name, &len);
770 if (cell == NULL) {
771 fit_get_debug(fit, noffset, name, len);
772 return -1;
773 }
774
775 if (len > sizeof(ulong)) {
776 printf("Unsupported %s address size\n", name);
777 return -1;
778 }
779
780 cell_len = len >> 2;
781 /* Use load64 to avoid compiling warning for 32-bit target */
782 while (cell_len--) {
783 *(fdt32_t *)cell = cpu_to_uimage(addr >> (32 * cell_len));
784 cell++;
785 }
786
787 return 0;
788 }
789
790 /**
791 * fit_image_get_load() - get load addr property for given component image node
792 * @fit: pointer to the FIT format image header
793 * @noffset: component image node offset
794 * @load: pointer to the uint32_t, will hold load address
795 *
796 * fit_image_get_load() finds load address property in a given component
797 * image node. If the property is found, its value is returned to the caller.
798 *
799 * returns:
800 * 0, on success
801 * -1, on failure
802 */
fit_image_get_load(const void * fit,int noffset,ulong * load)803 int fit_image_get_load(const void *fit, int noffset, ulong *load)
804 {
805 return fit_image_get_address(fit, noffset, FIT_LOAD_PROP, load);
806 }
807
808 /**
809 * fit_image_get_comp_addr() - get compress addr property for given component image node
810 * @fit: pointer to the FIT format image header
811 * @noffset: component image node offset
812 * @comp: pointer to the uint32_t, will hold load address
813 *
814 * fit_image_get_comp_addr() finds compress address property in a given component
815 * image node. If the property is found, its value is returned to the caller.
816 *
817 * returns:
818 * 0, on success
819 * -1, on failure
820 */
fit_image_get_comp_addr(const void * fit,int noffset,ulong * comp)821 int fit_image_get_comp_addr(const void *fit, int noffset, ulong *comp)
822 {
823 return fit_image_get_address(fit, noffset, FIT_COMP_ADDR_PROP, comp);
824 }
825
826 /**
827 * fit_image_get_cipher_addr() - get cipher addr property for given component image node
828 * @fit: pointer to the FIT format image header
829 * @noffset: component image node offset
830 * @cipher: pointer to the uint32_t, will hold load address
831 *
832 * fit_image_get_cipher_addr() finds cipher address property in a given component
833 * image node. If the property is found, its value is returned to the caller.
834 *
835 * returns:
836 * 0, on success
837 * -1, on failure
838 */
fit_image_get_cipher_addr(const void * fit,int noffset,ulong * cipher)839 int fit_image_get_cipher_addr(const void *fit, int noffset, ulong *cipher)
840 {
841 return fit_image_get_address(fit, noffset, FIT_CIPHER_ADDR_PROP, cipher);
842 }
843
844 /**
845 * fit_image_set_load() - set load addr property for given component image node
846 * @fit: pointer to the FIT format image header
847 * @noffset: component image node offset
848 * @load: uint32_t value, will hold load address
849 *
850 * fit_image_set_load() finds and set load address property in a given component
851 * image node. If the property is found, its value is returned to the caller.
852 *
853 * returns:
854 * 0, on success
855 * -1, on failure
856 */
fit_image_set_load(const void * fit,int noffset,ulong load)857 int fit_image_set_load(const void *fit, int noffset, ulong load)
858 {
859 return fit_image_set_address(fit, noffset, FIT_LOAD_PROP, load);
860 }
861
862 /**
863 * fit_image_get_entry() - get entry point address property
864 * @fit: pointer to the FIT format image header
865 * @noffset: component image node offset
866 * @entry: pointer to the uint32_t, will hold entry point address
867 *
868 * This gets the entry point address property for a given component image
869 * node.
870 *
871 * fit_image_get_entry() finds entry point address property in a given
872 * component image node. If the property is found, its value is returned
873 * to the caller.
874 *
875 * returns:
876 * 0, on success
877 * -1, on failure
878 */
fit_image_get_entry(const void * fit,int noffset,ulong * entry)879 int fit_image_get_entry(const void *fit, int noffset, ulong *entry)
880 {
881 return fit_image_get_address(fit, noffset, FIT_ENTRY_PROP, entry);
882 }
883
884 /**
885 * fit_image_set_entry() - set entry point address property
886 * @fit: pointer to the FIT format image header
887 * @noffset: component image node offset
888 * @entry: uint32_t value, will hold entry point address
889 *
890 * This sets the entry point address property for a given component image
891 * node.
892 *
893 * fit_image_set_entry() finds and set entry point address property in a given
894 * component image node. If the property is found, its value is returned
895 * to the caller.
896 *
897 * returns:
898 * 0, on success
899 * -1, on failure
900 */
fit_image_set_entry(const void * fit,int noffset,ulong entry)901 int fit_image_set_entry(const void *fit, int noffset, ulong entry)
902 {
903 return fit_image_set_address(fit, noffset, FIT_ENTRY_PROP, entry);
904 }
905
906 /**
907 * fit_image_get_data - get data property and its size for a given component image node
908 * @fit: pointer to the FIT format image header
909 * @noffset: component image node offset
910 * @data: double pointer to void, will hold data property's data address
911 * @size: pointer to size_t, will hold data property's data size
912 *
913 * fit_image_get_data() finds data property in a given component image node.
914 * If the property is found its data start address and size are returned to
915 * the caller.
916 *
917 * returns:
918 * 0, on success
919 * -1, on failure
920 */
fit_image_get_data(const void * fit,int noffset,const void ** data,size_t * size)921 int fit_image_get_data(const void *fit, int noffset,
922 const void **data, size_t *size)
923 {
924 ulong data_off = 0;
925 ulong data_pos = 0;
926 int len;
927
928 /* data */
929 *data = fdt_getprop(fit, noffset, FIT_DATA_PROP, &len);
930 if (*data) {
931 *size = len;
932 return 0;
933 }
934
935 /* data-size */
936 if (fit_image_get_data_size(fit, noffset, &len))
937 return -ENOENT;
938
939 /* data-offset */
940 if (!fit_image_get_data_offset(fit, noffset, (int *)&data_off)) {
941 data_off += (ulong)fit + FIT_ALIGN(fdt_totalsize(fit));
942 *data = (void *)data_off;
943 *size = len;
944 return 0;
945 }
946
947 /* data-position */
948 if (!fit_image_get_data_position(fit, noffset, (int *)&data_pos)) {
949 *data = (void *)(data_pos + (ulong)fit);
950 *size = len;
951 return 0;
952 }
953
954 *size = 0;
955 return -1;
956 }
957
958 /**
959 * Get 'data-offset' property from a given image node.
960 *
961 * @fit: pointer to the FIT image header
962 * @noffset: component image node offset
963 * @data_offset: holds the data-offset property
964 *
965 * returns:
966 * 0, on success
967 * -ENOENT if the property could not be found
968 */
fit_image_get_data_offset(const void * fit,int noffset,int * data_offset)969 int fit_image_get_data_offset(const void *fit, int noffset, int *data_offset)
970 {
971 const fdt32_t *val;
972
973 val = fdt_getprop(fit, noffset, FIT_DATA_OFFSET_PROP, NULL);
974 if (!val)
975 return -ENOENT;
976
977 *data_offset = fdt32_to_cpu(*val);
978
979 return 0;
980 }
981
982 /**
983 * Get 'data-position' property from a given image node.
984 *
985 * @fit: pointer to the FIT image header
986 * @noffset: component image node offset
987 * @data_position: holds the data-position property
988 *
989 * returns:
990 * 0, on success
991 * -ENOENT if the property could not be found
992 */
fit_image_get_data_position(const void * fit,int noffset,int * data_position)993 int fit_image_get_data_position(const void *fit, int noffset,
994 int *data_position)
995 {
996 const fdt32_t *val;
997
998 val = fdt_getprop(fit, noffset, FIT_DATA_POSITION_PROP, NULL);
999 if (!val)
1000 return -ENOENT;
1001
1002 *data_position = fdt32_to_cpu(*val);
1003
1004 return 0;
1005 }
1006
1007 /**
1008 * Get 'data-size' property from a given image node.
1009 *
1010 * @fit: pointer to the FIT image header
1011 * @noffset: component image node offset
1012 * @data_size: holds the data-size property
1013 *
1014 * returns:
1015 * 0, on success
1016 * -ENOENT if the property could not be found
1017 */
fit_image_get_data_size(const void * fit,int noffset,int * data_size)1018 int fit_image_get_data_size(const void *fit, int noffset, int *data_size)
1019 {
1020 const fdt32_t *val;
1021
1022 val = fdt_getprop(fit, noffset, FIT_DATA_SIZE_PROP, NULL);
1023 if (!val)
1024 return -ENOENT;
1025
1026 *data_size = fdt32_to_cpu(*val);
1027
1028 return 0;
1029 }
1030
1031 /**
1032 * Get 'rollback-index' property from a given image node.
1033 *
1034 * @fit: pointer to the FIT image header
1035 * @noffset: component image node offset
1036 * @index: holds the rollback-index property
1037 *
1038 * returns:
1039 * 0, on success
1040 * -ENOENT if the property could not be found
1041 */
fit_image_get_rollback_index(const void * fit,int noffset,uint32_t * index)1042 int fit_image_get_rollback_index(const void *fit, int noffset, uint32_t *index)
1043 {
1044 const fdt32_t *val;
1045
1046 val = fdt_getprop(fit, noffset, FIT_ROLLBACK_PROP, NULL);
1047 if (!val)
1048 return -ENOENT;
1049
1050 *index = fdt32_to_cpu(*val);
1051
1052 return 0;
1053 }
1054
1055 /**
1056 * fit_image_hash_get_algo - get hash algorithm name
1057 * @fit: pointer to the FIT format image header
1058 * @noffset: hash node offset
1059 * @algo: double pointer to char, will hold pointer to the algorithm name
1060 *
1061 * fit_image_hash_get_algo() finds hash algorithm property in a given hash node.
1062 * If the property is found its data start address is returned to the caller.
1063 *
1064 * returns:
1065 * 0, on success
1066 * -1, on failure
1067 */
fit_image_hash_get_algo(const void * fit,int noffset,char ** algo)1068 int fit_image_hash_get_algo(const void *fit, int noffset, char **algo)
1069 {
1070 int len;
1071
1072 *algo = (char *)fdt_getprop(fit, noffset, FIT_ALGO_PROP, &len);
1073 if (*algo == NULL) {
1074 fit_get_debug(fit, noffset, FIT_ALGO_PROP, len);
1075 return -1;
1076 }
1077
1078 return 0;
1079 }
1080
1081 /**
1082 * fit_image_hash_get_value - get hash value and length
1083 * @fit: pointer to the FIT format image header
1084 * @noffset: hash node offset
1085 * @value: double pointer to uint8_t, will hold address of a hash value data
1086 * @value_len: pointer to an int, will hold hash data length
1087 *
1088 * fit_image_hash_get_value() finds hash value property in a given hash node.
1089 * If the property is found its data start address and size are returned to
1090 * the caller.
1091 *
1092 * returns:
1093 * 0, on success
1094 * -1, on failure
1095 */
fit_image_hash_get_value(const void * fit,int noffset,uint8_t ** value,int * value_len)1096 int fit_image_hash_get_value(const void *fit, int noffset, uint8_t **value,
1097 int *value_len)
1098 {
1099 int len;
1100
1101 *value = (uint8_t *)fdt_getprop(fit, noffset, FIT_VALUE_PROP, &len);
1102 if (*value == NULL) {
1103 fit_get_debug(fit, noffset, FIT_VALUE_PROP, len);
1104 *value_len = 0;
1105 return -1;
1106 }
1107
1108 *value_len = len;
1109 return 0;
1110 }
1111
1112 /**
1113 * fit_image_hash_get_ignore - get hash ignore flag
1114 * @fit: pointer to the FIT format image header
1115 * @noffset: hash node offset
1116 * @ignore: pointer to an int, will hold hash ignore flag
1117 *
1118 * fit_image_hash_get_ignore() finds hash ignore property in a given hash node.
1119 * If the property is found and non-zero, the hash algorithm is not verified by
1120 * u-boot automatically.
1121 *
1122 * returns:
1123 * 0, on ignore not found
1124 * value, on ignore found
1125 */
fit_image_hash_get_ignore(const void * fit,int noffset,int * ignore)1126 static int fit_image_hash_get_ignore(const void *fit, int noffset, int *ignore)
1127 {
1128 int len;
1129 int *value;
1130
1131 value = (int *)fdt_getprop(fit, noffset, FIT_IGNORE_PROP, &len);
1132 if (value == NULL || len != sizeof(int))
1133 *ignore = 0;
1134 else
1135 *ignore = *value;
1136
1137 return 0;
1138 }
1139
1140 /**
1141 * fit_image_cipher_get_algo - get cipher algorithm name
1142 * @fit: pointer to the FIT format image header
1143 * @noffset: cipher node offset
1144 * @algo: double pointer to char, will hold pointer to the algorithm name
1145 *
1146 * fit_image_cipher_get_algo() finds cipher algorithm property in a given
1147 * cipher node. If the property is found its data start address is returned
1148 * to the caller.
1149 *
1150 * returns:
1151 * 0, on success
1152 * -1, on failure
1153 */
fit_image_cipher_get_algo(const void * fit,int noffset,char ** algo)1154 int fit_image_cipher_get_algo(const void *fit, int noffset, char **algo)
1155 {
1156 int len;
1157
1158 *algo = (char *)fdt_getprop(fit, noffset, FIT_ALGO_PROP, &len);
1159 if (!*algo) {
1160 fit_get_debug(fit, noffset, FIT_ALGO_PROP, len);
1161 return -1;
1162 }
1163
1164 return 0;
1165 }
1166
fit_get_end(const void * fit)1167 ulong fit_get_end(const void *fit)
1168 {
1169 return map_to_sysmem((void *)(fit + fdt_totalsize(fit)));
1170 }
1171
1172 /**
1173 * fit_set_timestamp - set node timestamp property
1174 * @fit: pointer to the FIT format image header
1175 * @noffset: node offset
1176 * @timestamp: timestamp value to be set
1177 *
1178 * fit_set_timestamp() attempts to set timestamp property in the requested
1179 * node and returns operation status to the caller.
1180 *
1181 * returns:
1182 * 0, on success
1183 * -ENOSPC if no space in device tree, -1 for other error
1184 */
fit_set_timestamp(void * fit,int noffset,time_t timestamp)1185 int fit_set_timestamp(void *fit, int noffset, time_t timestamp)
1186 {
1187 uint32_t t;
1188 int ret;
1189
1190 t = cpu_to_uimage(timestamp);
1191 ret = fdt_setprop(fit, noffset, FIT_TIMESTAMP_PROP, &t,
1192 sizeof(uint32_t));
1193 if (ret) {
1194 debug("Can't set '%s' property for '%s' node (%s)\n",
1195 FIT_TIMESTAMP_PROP, fit_get_name(fit, noffset, NULL),
1196 fdt_strerror(ret));
1197 return ret == -FDT_ERR_NOSPACE ? -ENOSPC : -1;
1198 }
1199
1200 return 0;
1201 }
1202
fit_set_totalsize(void * fit,int noffset,int totalsize)1203 int fit_set_totalsize(void *fit, int noffset, int totalsize)
1204 {
1205 uint32_t t;
1206 int ret;
1207
1208 t = cpu_to_uimage(totalsize);
1209 ret = fdt_setprop(fit, noffset, FIT_TOTALSIZE_PROP, &t,
1210 sizeof(uint32_t));
1211 if (ret)
1212 return ret == -FDT_ERR_NOSPACE ? -ENOSPC : -1;
1213
1214 return 0;
1215 }
1216
fit_set_version(void * fit,int noffset,int version)1217 int fit_set_version(void *fit, int noffset, int version)
1218 {
1219 uint32_t v;
1220 int ret;
1221
1222 v = cpu_to_uimage(version);
1223 ret = fdt_setprop(fit, noffset, FIT_VERSION_PROP, &v, sizeof(uint32_t));
1224 if (ret)
1225 return ret == -FDT_ERR_NOSPACE ? -ENOSPC : -1;
1226
1227 return 0;
1228 }
1229
fit_calculate_hash(const void * data,int data_len,const char * algo,uint8_t * value,int * value_len)1230 int fit_calculate_hash(const void *data, int data_len,
1231 const char *algo, uint8_t *value,
1232 int *value_len)
1233 {
1234 if (IMAGE_ENABLE_CRC32 && strcmp(algo, "crc32") == 0) {
1235 *((uint32_t *)value) = crc32_wd(0, data, data_len,
1236 CHUNKSZ_CRC32);
1237 *((uint32_t *)value) = cpu_to_uimage(*((uint32_t *)value));
1238 *value_len = 4;
1239 #ifdef CONFIG_SHA1
1240 } else if (IMAGE_ENABLE_SHA1 && strcmp(algo, "sha1") == 0) {
1241 sha1_csum_wd((unsigned char *)data, data_len,
1242 (unsigned char *)value, CHUNKSZ_SHA1);
1243 *value_len = 20;
1244 #endif
1245 #ifdef CONFIG_SHA256
1246 } else if (IMAGE_ENABLE_SHA256 && strcmp(algo, "sha256") == 0) {
1247 sha256_csum_wd((unsigned char *)data, data_len,
1248 (unsigned char *)value, CHUNKSZ_SHA256);
1249 *value_len = SHA256_SUM_LEN;
1250 #endif
1251 #ifdef CONFIG_MD5
1252 } else if (IMAGE_ENABLE_MD5 && strcmp(algo, "md5") == 0) {
1253 md5_wd((unsigned char *)data, data_len, value, CHUNKSZ_MD5);
1254 *value_len = 16;
1255 #endif
1256 } else {
1257 debug("Unsupported hash alogrithm\n");
1258 return -1;
1259 }
1260 return 0;
1261 }
1262
1263 #ifndef USE_HOSTCC
1264 #if CONFIG_IS_ENABLED(FIT_HW_CRYPTO)
crypto_csum(u32 cap,const char * data,int len,u8 * output)1265 static int crypto_csum(u32 cap, const char *data, int len, u8 *output)
1266 {
1267 struct udevice *dev;
1268 sha_context csha_ctx;
1269
1270 dev = crypto_get_device(cap);
1271 if (!dev) {
1272 printf("Can't find expected crypto device\n");
1273 return -ENODEV;
1274 }
1275
1276 csha_ctx.algo = cap;
1277 csha_ctx.length = len;
1278
1279 return crypto_sha_csum(dev, &csha_ctx, (char *)data, len, output);
1280 }
1281
hw_fit_calculate_hash(const void * data,int data_len,const char * algo,uint8_t * value,int * value_len)1282 static int hw_fit_calculate_hash(const void *data, int data_len,
1283 const char *algo, uint8_t *value,
1284 int *value_len)
1285 {
1286 int ret = 0;
1287
1288 if (IMAGE_ENABLE_CRC32 && strcmp(algo, "crc32") == 0) {
1289 *((uint32_t *)value) = crc32_wd(0, data, data_len,
1290 CHUNKSZ_CRC32);
1291 *((uint32_t *)value) = cpu_to_uimage(*((uint32_t *)value));
1292 *value_len = 4;
1293 } else if (IMAGE_ENABLE_SHA1 && strcmp(algo, "sha1") == 0) {
1294 ret = crypto_csum(CRYPTO_SHA1, data, data_len, value);
1295 *value_len = 20;
1296 } else if (IMAGE_ENABLE_SHA256 && strcmp(algo, "sha256") == 0) {
1297 ret = crypto_csum(CRYPTO_SHA256, data, data_len, value);
1298 *value_len = SHA256_SUM_LEN;
1299 } else if (IMAGE_ENABLE_MD5 && strcmp(algo, "md5") == 0) {
1300 ret = crypto_csum(CRYPTO_MD5, data, data_len, value);
1301 *value_len = 16;
1302 } else {
1303 debug("Unsupported hash alogrithm\n");
1304 return -1;
1305 }
1306
1307 if (ret)
1308 printf("%s: algo %s failed, ret=%d\n", __func__, algo, ret);
1309
1310 return ret;
1311 }
1312 #endif
1313 #endif
1314
1315 /**
1316 * calculate_hash - calculate and return hash for provided input data
1317 * @data: pointer to the input data
1318 * @data_len: data length
1319 * @algo: requested hash algorithm
1320 * @value: pointer to the char, will hold hash value data (caller must
1321 * allocate enough free space)
1322 * value_len: length of the calculated hash
1323 *
1324 * calculate_hash() computes input data hash according to the requested
1325 * algorithm.
1326 * Resulting hash value is placed in caller provided 'value' buffer, length
1327 * of the calculated hash is returned via value_len pointer argument.
1328 *
1329 * returns:
1330 * 0, on success
1331 * -1, when algo is unsupported
1332 */
calculate_hash(const void * data,int data_len,const char * algo,uint8_t * value,int * value_len)1333 int calculate_hash(const void *data, int data_len, const char *algo,
1334 uint8_t *value, int *value_len)
1335 {
1336 #if defined(USE_HOSTCC)
1337 return fit_calculate_hash(data, data_len, algo, value, value_len);
1338 #else
1339 #if !CONFIG_IS_ENABLED(FIT_HW_CRYPTO)
1340 return fit_calculate_hash(data, data_len, algo, value, value_len);
1341 #else
1342 return hw_fit_calculate_hash(data, data_len, algo, value, value_len);
1343 #endif
1344 #endif
1345 }
1346
fit_image_check_hash(const void * fit,int noffset,const void * data,size_t size,char ** err_msgp)1347 int fit_image_check_hash(const void *fit, int noffset, const void *data,
1348 size_t size, char **err_msgp)
1349 {
1350 uint8_t value[FIT_MAX_HASH_LEN];
1351 int value_len;
1352 char *algo;
1353 uint8_t *fit_value;
1354 int fit_value_len;
1355 int ignore;
1356 int i;
1357
1358 *err_msgp = NULL;
1359
1360 if (fit_image_hash_get_algo(fit, noffset, &algo)) {
1361 *err_msgp = "Can't get hash algo property";
1362 return -1;
1363 }
1364 printf("%s", algo);
1365
1366 if (IMAGE_ENABLE_IGNORE) {
1367 fit_image_hash_get_ignore(fit, noffset, &ignore);
1368 if (ignore) {
1369 printf("-skipped ");
1370 return 0;
1371 }
1372 }
1373
1374 if (fit_image_hash_get_value(fit, noffset, &fit_value,
1375 &fit_value_len)) {
1376 *err_msgp = "Can't get hash value property";
1377 return -1;
1378 }
1379
1380 if (calculate_hash(data, size, algo, value, &value_len)) {
1381 *err_msgp = "Unsupported hash algorithm";
1382 return -1;
1383 }
1384
1385 if (value_len != fit_value_len) {
1386 *err_msgp = "Bad hash value len";
1387 return -1;
1388 } else if (memcmp(value, fit_value, value_len) != 0) {
1389 printf(" Bad hash: ");
1390 for (i = 0; i < value_len; i++)
1391 printf("%02x", value[i]);
1392 printf("\n");
1393
1394 *err_msgp = "Bad hash value";
1395 return -1;
1396 }
1397
1398 #ifdef CONFIG_SPL_BUILD
1399 printf("(");
1400 for (i = 0; i < 5; i++)
1401 printf("%02x", value[i]);
1402 printf("...) ");
1403 #endif
1404
1405 return 0;
1406 }
1407
fit_image_verify_with_data(const void * fit,int image_noffset,const void * data,size_t size)1408 int fit_image_verify_with_data(const void *fit, int image_noffset,
1409 const void *data, size_t size)
1410 {
1411 int noffset = 0;
1412 char *err_msg = "";
1413 int verify_all = 1;
1414 int ret;
1415
1416 /* Verify all required signatures */
1417 if (IMAGE_ENABLE_VERIFY &&
1418 fit_image_verify_required_sigs(fit, image_noffset, data, size,
1419 gd_fdt_blob(), &verify_all)) {
1420 err_msg = "Unable to verify required signature";
1421 goto error;
1422 }
1423
1424 /* Process all hash subnodes of the component image node */
1425 fdt_for_each_subnode(noffset, fit, image_noffset) {
1426 const char *name = fit_get_name(fit, noffset, NULL);
1427
1428 /*
1429 * Check subnode name, must be equal to "hash".
1430 * Multiple hash nodes require unique unit node
1431 * names, e.g. hash@1, hash@2, etc.
1432 */
1433 if (!strncmp(name, FIT_HASH_NODENAME,
1434 strlen(FIT_HASH_NODENAME))) {
1435 if (fit_image_check_hash(fit, noffset, data, size,
1436 &err_msg))
1437 goto error;
1438 puts("+ ");
1439 } else if (IMAGE_ENABLE_VERIFY && verify_all &&
1440 !strncmp(name, FIT_SIG_NODENAME,
1441 strlen(FIT_SIG_NODENAME))) {
1442 ret = fit_image_check_sig(fit, noffset, data,
1443 size, -1, &err_msg);
1444
1445 /*
1446 * Show an indication on failure, but do not return
1447 * an error. Only keys marked 'required' can cause
1448 * an image validation failure. See the call to
1449 * fit_image_verify_required_sigs() above.
1450 */
1451 if (ret)
1452 puts("- ");
1453 else
1454 puts("+ ");
1455 }
1456 }
1457
1458 if (noffset == -FDT_ERR_TRUNCATED || noffset == -FDT_ERR_BADSTRUCTURE) {
1459 err_msg = "Corrupted or truncated tree";
1460 goto error;
1461 }
1462
1463 return 1; /* success */
1464
1465 error:
1466 printf(" error!\n%s for '%s' hash node in '%s' image node\n",
1467 err_msg, fit_get_name(fit, noffset, NULL),
1468 fit_get_name(fit, image_noffset, NULL));
1469 return 0;
1470 }
1471
1472 /**
1473 * fit_image_verify - verify data integrity
1474 * @fit: pointer to the FIT format image header
1475 * @image_noffset: component image node offset
1476 *
1477 * fit_image_verify() goes over component image hash nodes,
1478 * re-calculates each data hash and compares with the value stored in hash
1479 * node.
1480 *
1481 * returns:
1482 * 1, if all hashes are valid
1483 * 0, otherwise (or on error)
1484 */
fit_image_verify(const void * fit,int image_noffset)1485 int fit_image_verify(const void *fit, int image_noffset)
1486 {
1487 const void *data;
1488 size_t size;
1489 int noffset = 0;
1490 char *err_msg = "";
1491
1492 /* Get image data and data length */
1493 if (fit_image_get_data(fit, image_noffset, &data, &size)) {
1494 err_msg = "Can't get image data/size";
1495 printf("error!\n%s for '%s' hash node in '%s' image node\n",
1496 err_msg, fit_get_name(fit, noffset, NULL),
1497 fit_get_name(fit, image_noffset, NULL));
1498 return 0;
1499 }
1500
1501 return fit_image_verify_with_data(fit, image_noffset, data, size);
1502 }
1503
1504 /**
1505 * fit_all_image_verify - verify data integrity for all images
1506 * @fit: pointer to the FIT format image header
1507 *
1508 * fit_all_image_verify() goes over all images in the FIT and
1509 * for every images checks if all it's hashes are valid.
1510 *
1511 * returns:
1512 * 1, if all hashes of all images are valid
1513 * 0, otherwise (or on error)
1514 */
fit_all_image_verify(const void * fit)1515 int fit_all_image_verify(const void *fit)
1516 {
1517 int images_noffset;
1518 int noffset;
1519 int ndepth;
1520 int count;
1521
1522 /* Find images parent node offset */
1523 images_noffset = fdt_path_offset(fit, FIT_IMAGES_PATH);
1524 if (images_noffset < 0) {
1525 printf("Can't find images parent node '%s' (%s)\n",
1526 FIT_IMAGES_PATH, fdt_strerror(images_noffset));
1527 return 0;
1528 }
1529
1530 /* Process all image subnodes, check hashes for each */
1531 printf("## Checking hash(es) for FIT Image at %08lx ...\n",
1532 (ulong)fit);
1533 for (ndepth = 0, count = 0,
1534 noffset = fdt_next_node(fit, images_noffset, &ndepth);
1535 (noffset >= 0) && (ndepth > 0);
1536 noffset = fdt_next_node(fit, noffset, &ndepth)) {
1537 if (ndepth == 1) {
1538 /*
1539 * Direct child node of the images parent node,
1540 * i.e. component image node.
1541 */
1542 printf(" Hash(es) for Image %u (%s): ", count,
1543 fit_get_name(fit, noffset, NULL));
1544 count++;
1545
1546 if (!fit_image_verify(fit, noffset))
1547 return 0;
1548 printf("\n");
1549 }
1550 }
1551 return 1;
1552 }
1553
1554 #if !defined(USE_HOSTCC)
1555 #if defined(CONFIG_FIT_CIPHER)
1556 /*
1557 * [aes-128-ctr] example:
1558 *
1559 * openssl rand -out aes128.key 16
1560 *
1561 * openssl dgst -sha256 -binary -out kernel.sha256 kernel
1562 * openssl rand -out iv.bin 16
1563 * openssl enc -aes-128-ctr -in kernel -out kernel.encrypt -K $(xxd -p aes128.key) -iv $(xxd -p iv.bin)
1564 * openssl enc -aes-128-ctr -d -in kernel.encrypt -out kernel -K $(xxd -p aes128.key) -iv $(xxd -p iv.bin)
1565 *
1566 *
1567 * Add a "cipher" node under kernel node, the "hash" node is optional.
1568 *
1569 * cipher {
1570 * algo = "aes128";
1571 * iv = /incbin/("./iv.bin");
1572 * hash {
1573 * algo = "sha256";
1574 * value = /incbin/("./kernel.sha256");
1575 * };
1576 * };
1577 */
fit_image_uncipher(const void * fit,int noffset,ulong cipher_addr,size_t cipher_sz,ulong uncipher_addr)1578 static int fit_image_uncipher(const void *fit, int noffset,
1579 ulong cipher_addr, size_t cipher_sz,
1580 ulong uncipher_addr)
1581 {
1582 rk_cipher_config config;
1583 int cipher_noffset;
1584 const char *node_name;
1585 const void *iv;
1586 char *algo_name;
1587 char *err_msgp;
1588 int key_len = 16;
1589 int iv_len;
1590 int ret;
1591
1592 node_name = fdt_get_name(fit, noffset, NULL);
1593 cipher_noffset = fdt_subnode_offset(fit, noffset, FIT_CIPHER_NODENAME);
1594
1595 if (fit_image_cipher_get_algo(fit, cipher_noffset, &algo_name)) {
1596 printf("Can't get cipher algo for image '%s'\n",
1597 node_name);
1598 return -1;
1599 }
1600
1601 if (strcmp(algo_name, "aes128")) {
1602 printf("Invalid cipher algo '%s'\n", algo_name);
1603 return -1;
1604 }
1605
1606 iv = fdt_getprop(fit, cipher_noffset, "iv", &iv_len);
1607 if (!iv) {
1608 printf("Can't get IV for image '%s'\n", node_name);
1609 return -1;
1610 }
1611
1612 if (iv_len != key_len) {
1613 printf("Len iv(%d) != key(%d) for image '%s'\n",
1614 iv_len, key_len, node_name);
1615 return -1;
1616 }
1617
1618 memset(&config, 0, sizeof(config));
1619 config.algo = RK_ALGO_AES;
1620 config.mode = RK_CIPHER_MODE_CTR;
1621 config.operation = RK_MODE_DECRYPT;
1622 config.key_len = key_len;
1623 memcpy(config.iv, iv, key_len);
1624
1625 /* uncipher */
1626 ret = trusty_fw_key_cipher(RK_FW_KEY0, &config,
1627 (u32)cipher_addr, (u32)uncipher_addr,
1628 (u32)cipher_sz);
1629 if (ret) {
1630 printf("Uncipher data failed for image '%s', ret=%d\n",
1631 node_name, ret);
1632 return ret;
1633 }
1634
1635 /* verify uncipher data hash */
1636 noffset = fdt_subnode_offset(fit, cipher_noffset, FIT_HASH_NODENAME);
1637 if (noffset > 0) {
1638 ret = fit_image_check_hash(fit, noffset,
1639 (void *)uncipher_addr,
1640 cipher_sz, &err_msgp);
1641 if (ret) {
1642 printf("%s, uncipher data hash for image '%s', ret=%d\n",
1643 err_msgp, node_name, ret);
1644 return ret;
1645 } else {
1646 puts("+");
1647 }
1648 }
1649
1650 return 0;
1651 }
1652 #endif
1653 #endif
1654
1655 /**
1656 * fit_image_check_os - check whether image node is of a given os type
1657 * @fit: pointer to the FIT format image header
1658 * @noffset: component image node offset
1659 * @os: requested image os
1660 *
1661 * fit_image_check_os() reads image os property and compares its numeric
1662 * id with the requested os. Comparison result is returned to the caller.
1663 *
1664 * returns:
1665 * 1 if image is of given os type
1666 * 0 otherwise (or on error)
1667 */
fit_image_check_os(const void * fit,int noffset,uint8_t os)1668 int fit_image_check_os(const void *fit, int noffset, uint8_t os)
1669 {
1670 uint8_t image_os;
1671
1672 if (fit_image_get_os(fit, noffset, &image_os))
1673 return 0;
1674 return (os == image_os);
1675 }
1676
1677 /**
1678 * fit_image_check_arch - check whether image node is of a given arch
1679 * @fit: pointer to the FIT format image header
1680 * @noffset: component image node offset
1681 * @arch: requested imagearch
1682 *
1683 * fit_image_check_arch() reads image arch property and compares its numeric
1684 * id with the requested arch. Comparison result is returned to the caller.
1685 *
1686 * returns:
1687 * 1 if image is of given arch
1688 * 0 otherwise (or on error)
1689 */
fit_image_check_arch(const void * fit,int noffset,uint8_t arch)1690 int fit_image_check_arch(const void *fit, int noffset, uint8_t arch)
1691 {
1692 uint8_t image_arch;
1693 int aarch32_support = 0;
1694
1695 #ifdef CONFIG_ARM64_SUPPORT_AARCH32
1696 aarch32_support = 1;
1697 #endif
1698
1699 if (fit_image_get_arch(fit, noffset, &image_arch))
1700 return 0;
1701 return (arch == image_arch) ||
1702 (arch == IH_ARCH_I386 && image_arch == IH_ARCH_X86_64) ||
1703 (arch == IH_ARCH_ARM64 && image_arch == IH_ARCH_ARM &&
1704 aarch32_support);
1705 }
1706
1707 /**
1708 * fit_image_check_type - check whether image node is of a given type
1709 * @fit: pointer to the FIT format image header
1710 * @noffset: component image node offset
1711 * @type: requested image type
1712 *
1713 * fit_image_check_type() reads image type property and compares its numeric
1714 * id with the requested type. Comparison result is returned to the caller.
1715 *
1716 * returns:
1717 * 1 if image is of given type
1718 * 0 otherwise (or on error)
1719 */
fit_image_check_type(const void * fit,int noffset,uint8_t type)1720 int fit_image_check_type(const void *fit, int noffset, uint8_t type)
1721 {
1722 uint8_t image_type;
1723
1724 if (fit_image_get_type(fit, noffset, &image_type))
1725 return 0;
1726 return (type == image_type);
1727 }
1728
1729 /**
1730 * fit_image_check_comp - check whether image node uses given compression
1731 * @fit: pointer to the FIT format image header
1732 * @noffset: component image node offset
1733 * @comp: requested image compression type
1734 *
1735 * fit_image_check_comp() reads image compression property and compares its
1736 * numeric id with the requested compression type. Comparison result is
1737 * returned to the caller.
1738 *
1739 * returns:
1740 * 1 if image uses requested compression
1741 * 0 otherwise (or on error)
1742 */
fit_image_check_comp(const void * fit,int noffset,uint8_t comp)1743 int fit_image_check_comp(const void *fit, int noffset, uint8_t comp)
1744 {
1745 uint8_t image_comp;
1746
1747 if (fit_image_get_comp(fit, noffset, &image_comp))
1748 return 0;
1749 return (comp == image_comp);
1750 }
1751
1752 /**
1753 * fit_check_format - sanity check FIT image format
1754 * @fit: pointer to the FIT format image header
1755 *
1756 * fit_check_format() runs a basic sanity FIT image verification.
1757 * Routine checks for mandatory properties, nodes, etc.
1758 *
1759 * returns:
1760 * 1, on success
1761 * 0, on failure
1762 */
fit_check_format(const void * fit)1763 int fit_check_format(const void *fit)
1764 {
1765 /* mandatory / node 'description' property */
1766 if (fdt_getprop(fit, 0, FIT_DESC_PROP, NULL) == NULL) {
1767 debug("Wrong FIT format: no description\n");
1768 return 0;
1769 }
1770
1771 if (IMAGE_ENABLE_TIMESTAMP) {
1772 /* mandatory / node 'timestamp' property */
1773 if (fdt_getprop(fit, 0, FIT_TIMESTAMP_PROP, NULL) == NULL) {
1774 debug("Wrong FIT format: no timestamp\n");
1775 return 0;
1776 }
1777 }
1778
1779 /* mandatory subimages parent '/images' node */
1780 if (fdt_path_offset(fit, FIT_IMAGES_PATH) < 0) {
1781 debug("Wrong FIT format: no images parent node\n");
1782 return 0;
1783 }
1784
1785 return 1;
1786 }
1787
1788
1789 /**
1790 * fit_conf_find_compat
1791 * @fit: pointer to the FIT format image header
1792 * @fdt: pointer to the device tree to compare against
1793 *
1794 * fit_conf_find_compat() attempts to find the configuration whose fdt is the
1795 * most compatible with the passed in device tree.
1796 *
1797 * Example:
1798 *
1799 * / o image-tree
1800 * |-o images
1801 * | |-o fdt@1
1802 * | |-o fdt@2
1803 * |
1804 * |-o configurations
1805 * |-o config@1
1806 * | |-fdt = fdt@1
1807 * |
1808 * |-o config@2
1809 * |-fdt = fdt@2
1810 *
1811 * / o U-Boot fdt
1812 * |-compatible = "foo,bar", "bim,bam"
1813 *
1814 * / o kernel fdt1
1815 * |-compatible = "foo,bar",
1816 *
1817 * / o kernel fdt2
1818 * |-compatible = "bim,bam", "baz,biz"
1819 *
1820 * Configuration 1 would be picked because the first string in U-Boot's
1821 * compatible list, "foo,bar", matches a compatible string in the root of fdt1.
1822 * "bim,bam" in fdt2 matches the second string which isn't as good as fdt1.
1823 *
1824 * returns:
1825 * offset to the configuration to use if one was found
1826 * -1 otherwise
1827 */
fit_conf_find_compat(const void * fit,const void * fdt)1828 int fit_conf_find_compat(const void *fit, const void *fdt)
1829 {
1830 int ndepth = 0;
1831 int noffset, confs_noffset, images_noffset;
1832 const void *fdt_compat;
1833 int fdt_compat_len;
1834 int best_match_offset = 0;
1835 int best_match_pos = 0;
1836
1837 confs_noffset = fdt_path_offset(fit, FIT_CONFS_PATH);
1838 images_noffset = fdt_path_offset(fit, FIT_IMAGES_PATH);
1839 if (confs_noffset < 0 || images_noffset < 0) {
1840 debug("Can't find configurations or images nodes.\n");
1841 return -1;
1842 }
1843
1844 fdt_compat = fdt_getprop(fdt, 0, "compatible", &fdt_compat_len);
1845 if (!fdt_compat) {
1846 debug("Fdt for comparison has no \"compatible\" property.\n");
1847 return -1;
1848 }
1849
1850 /*
1851 * Loop over the configurations in the FIT image.
1852 */
1853 for (noffset = fdt_next_node(fit, confs_noffset, &ndepth);
1854 (noffset >= 0) && (ndepth > 0);
1855 noffset = fdt_next_node(fit, noffset, &ndepth)) {
1856 const void *kfdt;
1857 const char *kfdt_name;
1858 int kfdt_noffset;
1859 const char *cur_fdt_compat;
1860 int len;
1861 size_t size;
1862 int i;
1863
1864 if (ndepth > 1)
1865 continue;
1866
1867 kfdt_name = fdt_getprop(fit, noffset, "fdt", &len);
1868 if (!kfdt_name) {
1869 debug("No fdt property found.\n");
1870 continue;
1871 }
1872 kfdt_noffset = fdt_subnode_offset(fit, images_noffset,
1873 kfdt_name);
1874 if (kfdt_noffset < 0) {
1875 debug("No image node named \"%s\" found.\n",
1876 kfdt_name);
1877 continue;
1878 }
1879 /*
1880 * Get a pointer to this configuration's fdt.
1881 */
1882 if (fit_image_get_data(fit, kfdt_noffset, &kfdt, &size)) {
1883 debug("Failed to get fdt \"%s\".\n", kfdt_name);
1884 continue;
1885 }
1886
1887 len = fdt_compat_len;
1888 cur_fdt_compat = fdt_compat;
1889 /*
1890 * Look for a match for each U-Boot compatibility string in
1891 * turn in this configuration's fdt.
1892 */
1893 for (i = 0; len > 0 &&
1894 (!best_match_offset || best_match_pos > i); i++) {
1895 int cur_len = strlen(cur_fdt_compat) + 1;
1896
1897 if (!fdt_node_check_compatible(kfdt, 0,
1898 cur_fdt_compat)) {
1899 best_match_offset = noffset;
1900 best_match_pos = i;
1901 break;
1902 }
1903 len -= cur_len;
1904 cur_fdt_compat += cur_len;
1905 }
1906 }
1907 if (!best_match_offset) {
1908 debug("No match found.\n");
1909 return -1;
1910 }
1911
1912 return best_match_offset;
1913 }
1914
1915 /**
1916 * fit_conf_get_node - get node offset for configuration of a given unit name
1917 * @fit: pointer to the FIT format image header
1918 * @conf_uname: configuration node unit name
1919 *
1920 * fit_conf_get_node() finds a configuration (within the '/configurations'
1921 * parent node) of a provided unit name. If configuration is found its node
1922 * offset is returned to the caller.
1923 *
1924 * When NULL is provided in second argument fit_conf_get_node() will search
1925 * for a default configuration node instead. Default configuration node unit
1926 * name is retrieved from FIT_DEFAULT_PROP property of the '/configurations'
1927 * node.
1928 *
1929 * returns:
1930 * configuration node offset when found (>=0)
1931 * negative number on failure (FDT_ERR_* code)
1932 */
fit_conf_get_node(const void * fit,const char * conf_uname)1933 int fit_conf_get_node(const void *fit, const char *conf_uname)
1934 {
1935 int noffset, confs_noffset;
1936 int len;
1937 const char *s;
1938 char *conf_uname_copy = NULL;
1939
1940 confs_noffset = fdt_path_offset(fit, FIT_CONFS_PATH);
1941 if (confs_noffset < 0) {
1942 debug("Can't find configurations parent node '%s' (%s)\n",
1943 FIT_CONFS_PATH, fdt_strerror(confs_noffset));
1944 return confs_noffset;
1945 }
1946
1947 if (conf_uname == NULL) {
1948 /* get configuration unit name from the default property */
1949 debug("No configuration specified, trying default...\n");
1950 conf_uname = (char *)fdt_getprop(fit, confs_noffset,
1951 FIT_DEFAULT_PROP, &len);
1952 if (conf_uname == NULL) {
1953 fit_get_debug(fit, confs_noffset, FIT_DEFAULT_PROP,
1954 len);
1955 return len;
1956 }
1957 debug("Found default configuration: '%s'\n", conf_uname);
1958 }
1959
1960 s = strchr(conf_uname, '#');
1961 if (s) {
1962 len = s - conf_uname;
1963 conf_uname_copy = malloc(len + 1);
1964 if (!conf_uname_copy) {
1965 debug("Can't allocate uname copy: '%s'\n",
1966 conf_uname);
1967 return -ENOMEM;
1968 }
1969 memcpy(conf_uname_copy, conf_uname, len);
1970 conf_uname_copy[len] = '\0';
1971 conf_uname = conf_uname_copy;
1972 }
1973
1974 noffset = fdt_subnode_offset(fit, confs_noffset, conf_uname);
1975 if (noffset < 0) {
1976 debug("Can't get node offset for configuration unit name: '%s' (%s)\n",
1977 conf_uname, fdt_strerror(noffset));
1978 }
1979
1980 if (conf_uname_copy)
1981 free(conf_uname_copy);
1982
1983 return noffset;
1984 }
1985
fit_conf_get_prop_node_count(const void * fit,int noffset,const char * prop_name)1986 int fit_conf_get_prop_node_count(const void *fit, int noffset,
1987 const char *prop_name)
1988 {
1989 return fdt_stringlist_count(fit, noffset, prop_name);
1990 }
1991
fit_conf_get_prop_node_index(const void * fit,int noffset,const char * prop_name,int index)1992 int fit_conf_get_prop_node_index(const void *fit, int noffset,
1993 const char *prop_name, int index)
1994 {
1995 const char *uname;
1996 int len;
1997
1998 /* get kernel image unit name from configuration kernel property */
1999 uname = fdt_stringlist_get(fit, noffset, prop_name, index, &len);
2000 if (uname == NULL)
2001 return len;
2002
2003 return fit_image_get_node(fit, uname);
2004 }
2005
fit_conf_get_prop_node(const void * fit,int noffset,const char * prop_name)2006 int fit_conf_get_prop_node(const void *fit, int noffset,
2007 const char *prop_name)
2008 {
2009 return fit_conf_get_prop_node_index(fit, noffset, prop_name, 0);
2010 }
2011
2012 /**
2013 * fit_conf_print - prints out the FIT configuration details
2014 * @fit: pointer to the FIT format image header
2015 * @noffset: offset of the configuration node
2016 * @p: pointer to prefix string
2017 *
2018 * fit_conf_print() lists all mandatory properties for the processed
2019 * configuration node.
2020 *
2021 * returns:
2022 * no returned results
2023 */
fit_conf_print(const void * fit,int noffset,const char * p)2024 void fit_conf_print(const void *fit, int noffset, const char *p)
2025 {
2026 char *desc;
2027 const char *uname;
2028 int ret;
2029 int fdt_index, loadables_index;
2030
2031 /* Mandatory properties */
2032 ret = fit_get_desc(fit, noffset, &desc);
2033 printf("%s Description: ", p);
2034 if (ret)
2035 printf("unavailable\n");
2036 else
2037 printf("%s\n", desc);
2038
2039 uname = fdt_getprop(fit, noffset, FIT_KERNEL_PROP, NULL);
2040 printf("%s Kernel: ", p);
2041 if (uname == NULL)
2042 printf("unavailable\n");
2043 else
2044 printf("%s\n", uname);
2045
2046 /* Optional properties */
2047 uname = fdt_getprop(fit, noffset, FIT_RAMDISK_PROP, NULL);
2048 if (uname)
2049 printf("%s Init Ramdisk: %s\n", p, uname);
2050
2051 uname = fdt_getprop(fit, noffset, FIT_FIRMWARE_PROP, NULL);
2052 if (uname)
2053 printf("%s Firmware: %s\n", p, uname);
2054
2055 for (fdt_index = 0;
2056 uname = fdt_stringlist_get(fit, noffset, FIT_FDT_PROP,
2057 fdt_index, NULL), uname;
2058 fdt_index++) {
2059
2060 if (fdt_index == 0)
2061 printf("%s FDT: ", p);
2062 else
2063 printf("%s ", p);
2064 printf("%s\n", uname);
2065 }
2066
2067 uname = fdt_getprop(fit, noffset, FIT_FPGA_PROP, NULL);
2068 if (uname)
2069 printf("%s FPGA: %s\n", p, uname);
2070
2071 /* Print out all of the specified loadables */
2072 for (loadables_index = 0;
2073 uname = fdt_stringlist_get(fit, noffset, FIT_LOADABLE_PROP,
2074 loadables_index, NULL), uname;
2075 loadables_index++) {
2076 if (loadables_index == 0) {
2077 printf("%s Loadables: ", p);
2078 } else {
2079 printf("%s ", p);
2080 }
2081 printf("%s\n", uname);
2082 }
2083 }
2084
fit_image_select(const void * fit,int rd_noffset,int verify)2085 static int fit_image_select(const void *fit, int rd_noffset, int verify)
2086 {
2087 #ifdef USE_HOSTCC
2088 fit_image_print(fit, rd_noffset, " ");
2089 #else
2090 #if CONFIG_IS_ENABLED(FIT_PRINT)
2091 fit_image_print(fit, rd_noffset, " ");
2092 #endif
2093 #endif
2094
2095 #ifndef USE_HOSTCC
2096 if (smp_event1(SEVT_3, STID_17))
2097 return 0;
2098 #endif
2099 if (verify) {
2100 puts(" Verifying Hash Integrity ... ");
2101 if (!fit_image_verify(fit, rd_noffset)) {
2102 puts("Bad Data Hash\n");
2103 return -EACCES;
2104 }
2105 puts("OK\n");
2106 }
2107
2108 return 0;
2109 }
2110
fit_get_node_from_config(bootm_headers_t * images,const char * prop_name,ulong addr)2111 int fit_get_node_from_config(bootm_headers_t *images, const char *prop_name,
2112 ulong addr)
2113 {
2114 int cfg_noffset;
2115 void *fit_hdr;
2116 int noffset;
2117
2118 debug("* %s: using config '%s' from image at 0x%08lx\n",
2119 prop_name, images->fit_uname_cfg, addr);
2120
2121 /* Check whether configuration has this property defined */
2122 fit_hdr = map_sysmem(addr, 0);
2123 cfg_noffset = fit_conf_get_node(fit_hdr, images->fit_uname_cfg);
2124 if (cfg_noffset < 0) {
2125 debug("* %s: no such config\n", prop_name);
2126 return -EINVAL;
2127 }
2128
2129 noffset = fit_conf_get_prop_node(fit_hdr, cfg_noffset, prop_name);
2130 if (noffset < 0) {
2131 debug("* %s: no '%s' in config\n", prop_name, prop_name);
2132 return -ENOENT;
2133 }
2134
2135 return noffset;
2136 }
2137
2138 /**
2139 * fit_get_image_type_property() - get property name for IH_TYPE_...
2140 *
2141 * @return the properly name where we expect to find the image in the
2142 * config node
2143 */
fit_get_image_type_property(int type)2144 static const char *fit_get_image_type_property(int type)
2145 {
2146 /*
2147 * This is sort-of available in the uimage_type[] table in image.c
2148 * but we don't have access to the short name, and "fdt" is different
2149 * anyway. So let's just keep it here.
2150 */
2151 switch (type) {
2152 case IH_TYPE_FLATDT:
2153 return FIT_FDT_PROP;
2154 case IH_TYPE_KERNEL:
2155 return FIT_KERNEL_PROP;
2156 case IH_TYPE_RAMDISK:
2157 return FIT_RAMDISK_PROP;
2158 case IH_TYPE_FIRMWARE:
2159 return FIT_FIRMWARE_PROP;
2160 case IH_TYPE_X86_SETUP:
2161 return FIT_SETUP_PROP;
2162 case IH_TYPE_LOADABLE:
2163 return FIT_LOADABLE_PROP;
2164 case IH_TYPE_FPGA:
2165 return FIT_FPGA_PROP;
2166 case IH_TYPE_STANDALONE:
2167 return FIT_STANDALONE_PROP;
2168 }
2169
2170 return "unknown";
2171 }
2172
2173 #ifndef USE_HOSTCC
fit_board_verify_required_sigs(void)2174 __weak int fit_board_verify_required_sigs(void)
2175 {
2176 return 0;
2177 }
2178 #endif
2179
fit_image_load_index(bootm_headers_t * images,ulong addr,const char ** fit_unamep,const char ** fit_uname_configp,int arch,int image_type,int image_index,int bootstage_id,enum fit_load_op load_op,ulong * datap,ulong * lenp)2180 int fit_image_load_index(bootm_headers_t *images, ulong addr,
2181 const char **fit_unamep, const char **fit_uname_configp,
2182 int arch, int image_type, int image_index, int bootstage_id,
2183 enum fit_load_op load_op, ulong *datap, ulong *lenp)
2184 {
2185 int cfg_noffset, noffset;
2186 const char *fit_uname;
2187 const char *fit_uname_config;
2188 const char *fit_base_uname_config;
2189 const void *fit;
2190 const void *buf;
2191 size_t size;
2192 int type_ok, os_ok;
2193 ulong load, data, len;
2194 uint8_t os;
2195 #ifndef USE_HOSTCC
2196 uint8_t os_arch;
2197 #endif
2198 const char *prop_name;
2199 int ret;
2200
2201 fit = map_sysmem(addr, 0);
2202 fit_uname = fit_unamep ? *fit_unamep : NULL;
2203 fit_uname_config = fit_uname_configp ? *fit_uname_configp : NULL;
2204 fit_base_uname_config = NULL;
2205 prop_name = fit_get_image_type_property(image_type);
2206 printf("## Loading %s from FIT Image at %08lx ...\n", prop_name, addr);
2207
2208 bootstage_mark(bootstage_id + BOOTSTAGE_SUB_FORMAT);
2209 if (!fit_check_format(fit)) {
2210 printf("Bad FIT %s image format!\n", prop_name);
2211 bootstage_error(bootstage_id + BOOTSTAGE_SUB_FORMAT);
2212 return -ENOEXEC;
2213 }
2214 bootstage_mark(bootstage_id + BOOTSTAGE_SUB_FORMAT_OK);
2215 if (fit_uname) {
2216 /* get FIT component image node offset */
2217 bootstage_mark(bootstage_id + BOOTSTAGE_SUB_UNIT_NAME);
2218 noffset = fit_image_get_node(fit, fit_uname);
2219 } else {
2220 /*
2221 * no image node unit name, try to get config
2222 * node first. If config unit node name is NULL
2223 * fit_conf_get_node() will try to find default config node
2224 */
2225 bootstage_mark(bootstage_id + BOOTSTAGE_SUB_NO_UNIT_NAME);
2226 if (IMAGE_ENABLE_BEST_MATCH && !fit_uname_config) {
2227 cfg_noffset = fit_conf_find_compat(fit, gd_fdt_blob());
2228 } else {
2229 cfg_noffset = fit_conf_get_node(fit,
2230 fit_uname_config);
2231 }
2232 if (cfg_noffset < 0) {
2233 puts("Could not find configuration node\n");
2234 bootstage_error(bootstage_id +
2235 BOOTSTAGE_SUB_NO_UNIT_NAME);
2236 return -ENOENT;
2237 }
2238 fit_base_uname_config = fdt_get_name(fit, cfg_noffset, NULL);
2239 printf(" Using '%s' configuration\n", fit_base_uname_config);
2240 if (image_type == IH_TYPE_KERNEL) {
2241 #ifndef USE_HOSTCC
2242 /* If board required sigs, check self */
2243 if (fit_board_verify_required_sigs() &&
2244 !IS_ENABLED(CONFIG_FIT_SIGNATURE)) {
2245 printf("Verified-boot requires CONFIG_FIT_SIGNATURE enabled\n");
2246 hang();
2247 }
2248 #endif
2249 /* Remember (and possibly verify) this config */
2250 images->fit_uname_cfg = fit_base_uname_config;
2251 if (IMAGE_ENABLE_VERIFY) {
2252 puts(" Verifying Hash Integrity ... ");
2253 if (fit_config_verify(fit, cfg_noffset)) {
2254 puts("Bad Data Hash\n");
2255 bootstage_error(bootstage_id +
2256 BOOTSTAGE_SUB_HASH);
2257 return -EACCES;
2258 }
2259 puts("OK\n");
2260
2261 #ifdef CONFIG_FIT_ROLLBACK_PROTECT
2262 uint32_t this_index, min_index;
2263
2264 puts(" Verifying Rollback-index ... ");
2265 if (fit_rollback_index_verify(fit,
2266 FIT_ROLLBACK_INDEX,
2267 &this_index, &min_index)) {
2268 puts("Failed to get index\n");
2269 return ret;
2270 } else if (this_index < min_index) {
2271 printf("Reject index %d < %d(min)\n",
2272 this_index, min_index);
2273 return -EINVAL;
2274 }
2275
2276 printf("%d >= %d(min), OK\n", this_index, min_index);
2277 #endif
2278 }
2279 bootstage_mark(BOOTSTAGE_ID_FIT_CONFIG);
2280 }
2281
2282 noffset = fit_conf_get_prop_node_index(fit, cfg_noffset,
2283 prop_name, image_index);
2284 fit_uname = fit_get_name(fit, noffset, NULL);
2285 }
2286 if (noffset < 0) {
2287 puts("Could not find subimage node\n");
2288 bootstage_error(bootstage_id + BOOTSTAGE_SUB_SUBNODE);
2289 return -ENOENT;
2290 }
2291
2292 printf(" Trying '%s' %s subimage\n", fit_uname, prop_name);
2293
2294 ret = fit_image_select(fit, noffset, images->verify);
2295 if (ret) {
2296 bootstage_error(bootstage_id + BOOTSTAGE_SUB_HASH);
2297 return ret;
2298 }
2299
2300 bootstage_mark(bootstage_id + BOOTSTAGE_SUB_CHECK_ARCH);
2301 #if !defined(USE_HOSTCC) && !defined(CONFIG_SANDBOX)
2302 if (!fit_image_check_target_arch(fit, noffset)) {
2303 puts("Unsupported Architecture\n");
2304 bootstage_error(bootstage_id + BOOTSTAGE_SUB_CHECK_ARCH);
2305 return -ENOEXEC;
2306 }
2307 #endif
2308
2309 #ifndef USE_HOSTCC
2310 fit_image_get_arch(fit, noffset, &os_arch);
2311 images->os.arch = os_arch;
2312 #endif
2313
2314 if (image_type == IH_TYPE_FLATDT &&
2315 !fit_image_check_comp(fit, noffset, IH_COMP_NONE)) {
2316 puts("FDT image is compressed");
2317 return -EPROTONOSUPPORT;
2318 }
2319
2320 bootstage_mark(bootstage_id + BOOTSTAGE_SUB_CHECK_ALL);
2321 type_ok = fit_image_check_type(fit, noffset, image_type) ||
2322 fit_image_check_type(fit, noffset, IH_TYPE_FIRMWARE) ||
2323 (image_type == IH_TYPE_KERNEL &&
2324 fit_image_check_type(fit, noffset, IH_TYPE_KERNEL_NOLOAD));
2325
2326 os_ok = image_type == IH_TYPE_FLATDT ||
2327 image_type == IH_TYPE_FPGA ||
2328 fit_image_check_os(fit, noffset, IH_OS_LINUX) ||
2329 fit_image_check_os(fit, noffset, IH_OS_ARM_TRUSTED_FIRMWARE) ||
2330 fit_image_check_os(fit, noffset, IH_OS_OP_TEE) ||
2331 fit_image_check_os(fit, noffset, IH_OS_U_BOOT) ||
2332 fit_image_check_os(fit, noffset, IH_OS_QNX) ||
2333 fit_image_check_os(fit, noffset, IH_OS_OPENRTOS);
2334
2335 /*
2336 * If either of the checks fail, we should report an error, but
2337 * if the image type is coming from the "loadables" field, we
2338 * don't care what it is
2339 */
2340 if ((!type_ok || !os_ok) && image_type != IH_TYPE_LOADABLE) {
2341 fit_image_get_os(fit, noffset, &os);
2342 printf("No %s %s %s Image\n",
2343 genimg_get_os_name(os),
2344 genimg_get_arch_name(arch),
2345 genimg_get_type_name(image_type));
2346 bootstage_error(bootstage_id + BOOTSTAGE_SUB_CHECK_ALL);
2347 return -EIO;
2348 }
2349
2350 bootstage_mark(bootstage_id + BOOTSTAGE_SUB_CHECK_ALL_OK);
2351
2352 /* get image data address and length */
2353 if (fit_image_get_data(fit, noffset, &buf, &size)) {
2354 printf("Could not find %s subimage data!\n", prop_name);
2355 bootstage_error(bootstage_id + BOOTSTAGE_SUB_GET_DATA);
2356 return -ENOENT;
2357 }
2358
2359 #if !defined(USE_HOSTCC)
2360 ret = fit_image_get_load(fit, noffset, &load);
2361 if (ret < 0)
2362 return ret;
2363
2364 #if defined(CONFIG_FIT_CIPHER)
2365 int cipher_noffset =
2366 fdt_subnode_offset(fit, noffset, FIT_CIPHER_NODENAME);
2367
2368 if (cipher_noffset > 0) {
2369 printf(" Decrypting Data ... ");
2370 ret = fit_image_uncipher(fit, noffset, (ulong)buf, size, load);
2371 if (ret) {
2372 printf(" Error: %d\n", ret);
2373 return -EACCES;
2374 }
2375 buf = (void *)load;
2376 printf(" OK\n");
2377 }
2378 #endif
2379
2380 #if defined(CONFIG_FIT_IMAGE_POST_PROCESS)
2381 /* perform any post-processing on the image data */
2382 if (board_fit_image_post_process((void *)fit, noffset,
2383 &load, (ulong **)&buf, &size, NULL))
2384 return -EINVAL;
2385 #endif
2386 #endif
2387
2388 len = (ulong)size;
2389
2390 /* verify that image data is a proper FDT blob */
2391 if (image_type == IH_TYPE_FLATDT && fdt_check_header(buf)) {
2392 puts("Subimage data is not a FDT");
2393 return -ENOEXEC;
2394 }
2395
2396 bootstage_mark(bootstage_id + BOOTSTAGE_SUB_GET_DATA_OK);
2397
2398 /*
2399 * Work-around for eldk-4.2 which gives this warning if we try to
2400 * cast in the unmap_sysmem() call:
2401 * warning: initialization discards qualifiers from pointer target type
2402 */
2403 {
2404 void *vbuf = (void *)buf;
2405
2406 data = map_to_sysmem(vbuf);
2407 }
2408
2409 if (load_op == FIT_LOAD_IGNORED) {
2410 /* Don't load */
2411 } else if (fit_image_get_load(fit, noffset, &load)) {
2412 if (load_op == FIT_LOAD_REQUIRED) {
2413 printf("Can't get %s subimage load address!\n",
2414 prop_name);
2415 bootstage_error(bootstage_id + BOOTSTAGE_SUB_LOAD);
2416 return -EBADF;
2417 }
2418 } else if (load_op != FIT_LOAD_OPTIONAL_NON_ZERO || load) {
2419 ulong image_start, image_end;
2420 ulong load_end;
2421 void *dst;
2422
2423 /*
2424 * move image data to the load address,
2425 * make sure we don't overwrite initial image
2426 */
2427 image_start = addr;
2428 image_end = addr + fit_get_size(fit);
2429
2430 load_end = load + len;
2431 if (image_type != IH_TYPE_KERNEL &&
2432 load < image_end && load_end > image_start) {
2433 printf("Error: %s overwritten\n", prop_name);
2434 return -EXDEV;
2435 }
2436
2437 printf(" Loading %s from 0x%08lx to 0x%08lx\n",
2438 prop_name, data, load);
2439
2440 dst = map_sysmem(load, len);
2441 memmove(dst, buf, len);
2442 data = load;
2443 }
2444 bootstage_mark(bootstage_id + BOOTSTAGE_SUB_LOAD);
2445
2446 *datap = data;
2447 *lenp = len;
2448 if (fit_unamep)
2449 *fit_unamep = (char *)fit_uname;
2450 if (fit_uname_configp)
2451 *fit_uname_configp = (char *)(fit_uname_config ? :
2452 fit_base_uname_config);
2453
2454 return noffset;
2455 }
2456
fit_image_load(bootm_headers_t * images,ulong addr,const char ** fit_unamep,const char ** fit_uname_configp,int arch,int image_type,int bootstage_id,enum fit_load_op load_op,ulong * datap,ulong * lenp)2457 int fit_image_load(bootm_headers_t *images, ulong addr,
2458 const char **fit_unamep, const char **fit_uname_configp,
2459 int arch, int image_type, int bootstage_id,
2460 enum fit_load_op load_op, ulong *datap, ulong *lenp)
2461 {
2462 return fit_image_load_index(images, addr,fit_unamep, fit_uname_configp,
2463 arch, image_type, 0, bootstage_id,
2464 load_op, datap, lenp);
2465 }
2466
boot_get_setup_fit(bootm_headers_t * images,uint8_t arch,ulong * setup_start,ulong * setup_len)2467 int boot_get_setup_fit(bootm_headers_t *images, uint8_t arch,
2468 ulong *setup_start, ulong *setup_len)
2469 {
2470 int noffset;
2471 ulong addr;
2472 ulong len;
2473 int ret;
2474
2475 addr = map_to_sysmem(images->fit_hdr_os);
2476 noffset = fit_get_node_from_config(images, FIT_SETUP_PROP, addr);
2477 if (noffset < 0)
2478 return noffset;
2479
2480 ret = fit_image_load(images, addr, NULL, NULL, arch,
2481 IH_TYPE_X86_SETUP, BOOTSTAGE_ID_FIT_SETUP_START,
2482 FIT_LOAD_REQUIRED, setup_start, &len);
2483
2484 return ret;
2485 }
2486
2487 #ifndef USE_HOSTCC
boot_get_fdt_fit(bootm_headers_t * images,ulong addr,const char ** fit_unamep,const char ** fit_uname_configp,int arch,ulong * datap,ulong * lenp)2488 int boot_get_fdt_fit(bootm_headers_t *images, ulong addr,
2489 const char **fit_unamep, const char **fit_uname_configp,
2490 int arch, ulong *datap, ulong *lenp)
2491 {
2492 int fdt_noffset, cfg_noffset, count;
2493 const void *fit;
2494 const char *fit_uname = NULL;
2495 const char *fit_uname_config = NULL;
2496 char *fit_uname_config_copy = NULL;
2497 char *next_config = NULL;
2498 ulong load, len;
2499 #ifdef CONFIG_OF_LIBFDT_OVERLAY
2500 ulong image_start, image_end;
2501 ulong ovload, ovlen;
2502 const char *uconfig;
2503 const char *uname;
2504 void *base, *ov;
2505 int i, err, noffset, ov_noffset;
2506 #endif
2507
2508 fit_uname = fit_unamep ? *fit_unamep : NULL;
2509
2510 if (fit_uname_configp && *fit_uname_configp) {
2511 fit_uname_config_copy = strdup(*fit_uname_configp);
2512 if (!fit_uname_config_copy)
2513 return -ENOMEM;
2514
2515 next_config = strchr(fit_uname_config_copy, '#');
2516 if (next_config)
2517 *next_config++ = '\0';
2518 if (next_config - 1 > fit_uname_config_copy)
2519 fit_uname_config = fit_uname_config_copy;
2520 }
2521
2522 fdt_noffset = fit_image_load(images,
2523 addr, &fit_uname, &fit_uname_config,
2524 arch, IH_TYPE_FLATDT,
2525 BOOTSTAGE_ID_FIT_FDT_START,
2526 FIT_LOAD_OPTIONAL, &load, &len);
2527
2528 if (fdt_noffset < 0)
2529 goto out;
2530
2531 debug("fit_uname=%s, fit_uname_config=%s\n",
2532 fit_uname ? fit_uname : "<NULL>",
2533 fit_uname_config ? fit_uname_config : "<NULL>");
2534
2535 fit = map_sysmem(addr, 0);
2536
2537 cfg_noffset = fit_conf_get_node(fit, fit_uname_config);
2538
2539 /* single blob, or error just return as well */
2540 count = fit_conf_get_prop_node_count(fit, cfg_noffset, FIT_FDT_PROP);
2541 if (count <= 1 && !next_config)
2542 goto out;
2543
2544 /* we need to apply overlays */
2545
2546 #ifdef CONFIG_OF_LIBFDT_OVERLAY
2547 image_start = addr;
2548 image_end = addr + fit_get_size(fit);
2549 /* verify that relocation took place by load address not being in fit */
2550 if (load >= image_start && load < image_end) {
2551 /* check is simplified; fit load checks for overlaps */
2552 printf("Overlayed FDT requires relocation\n");
2553 fdt_noffset = -EBADF;
2554 goto out;
2555 }
2556
2557 base = map_sysmem(load, len);
2558
2559 /* apply extra configs in FIT first, followed by args */
2560 for (i = 1; ; i++) {
2561 if (i < count) {
2562 noffset = fit_conf_get_prop_node_index(fit, cfg_noffset,
2563 FIT_FDT_PROP, i);
2564 uname = fit_get_name(fit, noffset, NULL);
2565 uconfig = NULL;
2566 } else {
2567 if (!next_config)
2568 break;
2569 uconfig = next_config;
2570 next_config = strchr(next_config, '#');
2571 if (next_config)
2572 *next_config++ = '\0';
2573 uname = NULL;
2574 }
2575
2576 debug("%d: using uname=%s uconfig=%s\n", i, uname, uconfig);
2577
2578 ov_noffset = fit_image_load(images,
2579 addr, &uname, &uconfig,
2580 arch, IH_TYPE_FLATDT,
2581 BOOTSTAGE_ID_FIT_FDT_START,
2582 FIT_LOAD_REQUIRED, &ovload, &ovlen);
2583 if (ov_noffset < 0) {
2584 printf("load of %s failed\n", uname);
2585 continue;
2586 }
2587 debug("%s loaded at 0x%08lx len=0x%08lx\n",
2588 uname, ovload, ovlen);
2589 ov = map_sysmem(ovload, ovlen);
2590
2591 base = map_sysmem(load, len + ovlen);
2592 err = fdt_open_into(base, base, len + ovlen);
2593 if (err < 0) {
2594 printf("failed on fdt_open_into\n");
2595 fdt_noffset = err;
2596 goto out;
2597 }
2598 /* the verbose method prints out messages on error */
2599 err = fdt_overlay_apply_verbose(base, ov);
2600 if (err < 0) {
2601 fdt_noffset = err;
2602 goto out;
2603 }
2604 fdt_pack(base);
2605 len = fdt_totalsize(base);
2606 }
2607 #else
2608 printf("config with overlays but CONFIG_OF_LIBFDT_OVERLAY not set\n");
2609 fdt_noffset = -EBADF;
2610 #endif
2611
2612 out:
2613 if (datap)
2614 *datap = load;
2615 if (lenp)
2616 *lenp = len;
2617 if (fit_unamep)
2618 *fit_unamep = fit_uname;
2619 if (fit_uname_configp)
2620 *fit_uname_configp = fit_uname_config;
2621
2622 if (fit_uname_config_copy)
2623 free(fit_uname_config_copy);
2624 return fdt_noffset;
2625 }
2626 #endif
2627