1 /* 2 * Copyright (c) 2013, Google Inc. 3 * 4 * (C) Copyright 2008 Semihalf 5 * 6 * (C) Copyright 2000-2006 7 * Wolfgang Denk, DENX Software Engineering, wd@denx.de. 8 * 9 * SPDX-License-Identifier: GPL-2.0+ 10 */ 11 12 #ifdef USE_HOSTCC 13 #include "mkimage.h" 14 #include <time.h> 15 #else 16 #include <linux/compiler.h> 17 #include <linux/kconfig.h> 18 #include <common.h> 19 #include <errno.h> 20 #include <mapmem.h> 21 #include <asm/io.h> 22 #include <malloc.h> 23 #include <crypto.h> 24 25 DECLARE_GLOBAL_DATA_PTR; 26 #endif /* !USE_HOSTCC*/ 27 28 #include <image.h> 29 #include <bootstage.h> 30 #include <u-boot/crc.h> 31 #include <u-boot/md5.h> 32 #include <u-boot/sha1.h> 33 #include <u-boot/sha256.h> 34 #ifdef CONFIG_OPTEE_CLIENT 35 #include <optee_include/OpteeClientInterface.h> 36 #endif 37 38 #define __round_mask(x, y) ((__typeof__(x))((y)-1)) 39 #define round_up(x, y) ((((x)-1) | __round_mask(x, y))+1) 40 41 /*****************************************************************************/ 42 /* New uImage format routines */ 43 /*****************************************************************************/ 44 #ifndef USE_HOSTCC 45 static int fit_parse_spec(const char *spec, char sepc, ulong addr_curr, 46 ulong *addr, const char **name) 47 { 48 const char *sep; 49 50 *addr = addr_curr; 51 *name = NULL; 52 53 sep = strchr(spec, sepc); 54 if (sep) { 55 if (sep - spec > 0) 56 *addr = simple_strtoul(spec, NULL, 16); 57 58 *name = sep + 1; 59 return 1; 60 } 61 62 return 0; 63 } 64 65 /** 66 * fit_parse_conf - parse FIT configuration spec 67 * @spec: input string, containing configuration spec 68 * @add_curr: current image address (to be used as a possible default) 69 * @addr: pointer to a ulong variable, will hold FIT image address of a given 70 * configuration 71 * @conf_name double pointer to a char, will hold pointer to a configuration 72 * unit name 73 * 74 * fit_parse_conf() expects configuration spec in the form of [<addr>]#<conf>, 75 * where <addr> is a FIT image address that contains configuration 76 * with a <conf> unit name. 77 * 78 * Address part is optional, and if omitted default add_curr will 79 * be used instead. 80 * 81 * returns: 82 * 1 if spec is a valid configuration string, 83 * addr and conf_name are set accordingly 84 * 0 otherwise 85 */ 86 int fit_parse_conf(const char *spec, ulong addr_curr, 87 ulong *addr, const char **conf_name) 88 { 89 return fit_parse_spec(spec, '#', addr_curr, addr, conf_name); 90 } 91 92 /** 93 * fit_parse_subimage - parse FIT subimage spec 94 * @spec: input string, containing subimage spec 95 * @add_curr: current image address (to be used as a possible default) 96 * @addr: pointer to a ulong variable, will hold FIT image address of a given 97 * subimage 98 * @image_name: double pointer to a char, will hold pointer to a subimage name 99 * 100 * fit_parse_subimage() expects subimage spec in the form of 101 * [<addr>]:<subimage>, where <addr> is a FIT image address that contains 102 * subimage with a <subimg> unit name. 103 * 104 * Address part is optional, and if omitted default add_curr will 105 * be used instead. 106 * 107 * returns: 108 * 1 if spec is a valid subimage string, 109 * addr and image_name are set accordingly 110 * 0 otherwise 111 */ 112 int fit_parse_subimage(const char *spec, ulong addr_curr, 113 ulong *addr, const char **image_name) 114 { 115 return fit_parse_spec(spec, ':', addr_curr, addr, image_name); 116 } 117 #endif /* !USE_HOSTCC */ 118 119 static void fit_get_debug(const void *fit, int noffset, 120 char *prop_name, int err) 121 { 122 debug("Can't get '%s' property from FIT 0x%08lx, node: offset %d, name %s (%s)\n", 123 prop_name, (ulong)fit, noffset, fit_get_name(fit, noffset, NULL), 124 fdt_strerror(err)); 125 } 126 127 /** 128 * fit_get_subimage_count - get component (sub-image) count 129 * @fit: pointer to the FIT format image header 130 * @images_noffset: offset of images node 131 * 132 * returns: 133 * number of image components 134 */ 135 int fit_get_subimage_count(const void *fit, int images_noffset) 136 { 137 int noffset; 138 int ndepth; 139 int count = 0; 140 141 /* Process its subnodes, print out component images details */ 142 for (ndepth = 0, count = 0, 143 noffset = fdt_next_node(fit, images_noffset, &ndepth); 144 (noffset >= 0) && (ndepth > 0); 145 noffset = fdt_next_node(fit, noffset, &ndepth)) { 146 if (ndepth == 1) { 147 count++; 148 } 149 } 150 151 return count; 152 } 153 154 #if !defined(CONFIG_SPL_BUILD) || defined(CONFIG_FIT_SPL_PRINT) 155 /** 156 * fit_print_contents - prints out the contents of the FIT format image 157 * @fit: pointer to the FIT format image header 158 * @p: pointer to prefix string 159 * 160 * fit_print_contents() formats a multi line FIT image contents description. 161 * The routine prints out FIT image properties (root node level) followed by 162 * the details of each component image. 163 * 164 * returns: 165 * no returned results 166 */ 167 void fit_print_contents(const void *fit) 168 { 169 char *desc; 170 char *uname; 171 int images_noffset; 172 int confs_noffset; 173 int noffset; 174 int ndepth; 175 int count = 0; 176 int ret; 177 const char *p; 178 time_t timestamp; 179 180 /* Indent string is defined in header image.h */ 181 p = IMAGE_INDENT_STRING; 182 183 /* Root node properties */ 184 ret = fit_get_desc(fit, 0, &desc); 185 printf("%sFIT description: ", p); 186 if (ret) 187 printf("unavailable\n"); 188 else 189 printf("%s\n", desc); 190 191 if (IMAGE_ENABLE_TIMESTAMP) { 192 ret = fit_get_timestamp(fit, 0, ×tamp); 193 printf("%sCreated: ", p); 194 if (ret) 195 printf("unavailable\n"); 196 else 197 genimg_print_time(timestamp); 198 } 199 200 /* Find images parent node offset */ 201 images_noffset = fdt_path_offset(fit, FIT_IMAGES_PATH); 202 if (images_noffset < 0) { 203 printf("Can't find images parent node '%s' (%s)\n", 204 FIT_IMAGES_PATH, fdt_strerror(images_noffset)); 205 return; 206 } 207 208 /* Process its subnodes, print out component images details */ 209 for (ndepth = 0, count = 0, 210 noffset = fdt_next_node(fit, images_noffset, &ndepth); 211 (noffset >= 0) && (ndepth > 0); 212 noffset = fdt_next_node(fit, noffset, &ndepth)) { 213 if (ndepth == 1) { 214 /* 215 * Direct child node of the images parent node, 216 * i.e. component image node. 217 */ 218 printf("%s Image %u (%s)\n", p, count++, 219 fit_get_name(fit, noffset, NULL)); 220 221 fit_image_print(fit, noffset, p); 222 } 223 } 224 225 /* Find configurations parent node offset */ 226 confs_noffset = fdt_path_offset(fit, FIT_CONFS_PATH); 227 if (confs_noffset < 0) { 228 debug("Can't get configurations parent node '%s' (%s)\n", 229 FIT_CONFS_PATH, fdt_strerror(confs_noffset)); 230 return; 231 } 232 233 /* get default configuration unit name from default property */ 234 uname = (char *)fdt_getprop(fit, noffset, FIT_DEFAULT_PROP, NULL); 235 if (uname) 236 printf("%s Default Configuration: '%s'\n", p, uname); 237 238 /* Process its subnodes, print out configurations details */ 239 for (ndepth = 0, count = 0, 240 noffset = fdt_next_node(fit, confs_noffset, &ndepth); 241 (noffset >= 0) && (ndepth > 0); 242 noffset = fdt_next_node(fit, noffset, &ndepth)) { 243 if (ndepth == 1) { 244 /* 245 * Direct child node of the configurations parent node, 246 * i.e. configuration node. 247 */ 248 printf("%s Configuration %u (%s)\n", p, count++, 249 fit_get_name(fit, noffset, NULL)); 250 251 fit_conf_print(fit, noffset, p); 252 } 253 } 254 } 255 256 /** 257 * fit_image_print_data() - prints out the hash node details 258 * @fit: pointer to the FIT format image header 259 * @noffset: offset of the hash node 260 * @p: pointer to prefix string 261 * @type: Type of information to print ("hash" or "sign") 262 * 263 * fit_image_print_data() lists properties for the processed hash node 264 * 265 * This function avoid using puts() since it prints a newline on the host 266 * but does not in U-Boot. 267 * 268 * returns: 269 * no returned results 270 */ 271 static void fit_image_print_data(const void *fit, int noffset, const char *p, 272 const char *type) 273 { 274 const char *keyname; 275 uint8_t *value; 276 int value_len; 277 char *algo; 278 int required; 279 int ret, i; 280 281 debug("%s %s node: '%s'\n", p, type, 282 fit_get_name(fit, noffset, NULL)); 283 printf("%s %s algo: ", p, type); 284 if (fit_image_hash_get_algo(fit, noffset, &algo)) { 285 printf("invalid/unsupported\n"); 286 return; 287 } 288 printf("%s", algo); 289 keyname = fdt_getprop(fit, noffset, "key-name-hint", NULL); 290 required = fdt_getprop(fit, noffset, "required", NULL) != NULL; 291 if (keyname) 292 printf(":%s", keyname); 293 if (required) 294 printf(" (required)"); 295 printf("\n"); 296 297 ret = fit_image_hash_get_value(fit, noffset, &value, 298 &value_len); 299 printf("%s %s value: ", p, type); 300 if (ret) { 301 printf("unavailable\n"); 302 } else { 303 for (i = 0; i < value_len; i++) 304 printf("%02x", value[i]); 305 printf("\n"); 306 } 307 308 debug("%s %s len: %d\n", p, type, value_len); 309 310 /* Signatures have a time stamp */ 311 if (IMAGE_ENABLE_TIMESTAMP && keyname) { 312 time_t timestamp; 313 314 printf("%s Timestamp: ", p); 315 if (fit_get_timestamp(fit, noffset, ×tamp)) 316 printf("unavailable\n"); 317 else 318 genimg_print_time(timestamp); 319 } 320 } 321 322 /** 323 * fit_image_print_verification_data() - prints out the hash/signature details 324 * @fit: pointer to the FIT format image header 325 * @noffset: offset of the hash or signature node 326 * @p: pointer to prefix string 327 * 328 * This lists properties for the processed hash node 329 * 330 * returns: 331 * no returned results 332 */ 333 static void fit_image_print_verification_data(const void *fit, int noffset, 334 const char *p) 335 { 336 const char *name; 337 338 /* 339 * Check subnode name, must be equal to "hash" or "signature". 340 * Multiple hash/signature nodes require unique unit node 341 * names, e.g. hash@1, hash@2, signature@1, signature@2, etc. 342 */ 343 name = fit_get_name(fit, noffset, NULL); 344 if (!strncmp(name, FIT_HASH_NODENAME, strlen(FIT_HASH_NODENAME))) { 345 fit_image_print_data(fit, noffset, p, "Hash"); 346 } else if (!strncmp(name, FIT_SIG_NODENAME, 347 strlen(FIT_SIG_NODENAME))) { 348 fit_image_print_data(fit, noffset, p, "Sign"); 349 } 350 } 351 352 /** 353 * fit_image_print - prints out the FIT component image details 354 * @fit: pointer to the FIT format image header 355 * @image_noffset: offset of the component image node 356 * @p: pointer to prefix string 357 * 358 * fit_image_print() lists all mandatory properties for the processed component 359 * image. If present, hash nodes are printed out as well. Load 360 * address for images of type firmware is also printed out. Since the load 361 * address is not mandatory for firmware images, it will be output as 362 * "unavailable" when not present. 363 * 364 * returns: 365 * no returned results 366 */ 367 void fit_image_print(const void *fit, int image_noffset, const char *p) 368 { 369 char *desc; 370 uint8_t type, arch, os, comp; 371 size_t size; 372 ulong load, entry; 373 const void *data; 374 int noffset; 375 int ndepth; 376 int ret; 377 378 /* Mandatory properties */ 379 ret = fit_get_desc(fit, image_noffset, &desc); 380 printf("%s Description: ", p); 381 if (ret) 382 printf("unavailable\n"); 383 else 384 printf("%s\n", desc); 385 386 if (IMAGE_ENABLE_TIMESTAMP) { 387 time_t timestamp; 388 389 ret = fit_get_timestamp(fit, 0, ×tamp); 390 printf("%s Created: ", p); 391 if (ret) 392 printf("unavailable\n"); 393 else 394 genimg_print_time(timestamp); 395 } 396 397 fit_image_get_type(fit, image_noffset, &type); 398 printf("%s Type: %s\n", p, genimg_get_type_name(type)); 399 400 fit_image_get_comp(fit, image_noffset, &comp); 401 printf("%s Compression: %s\n", p, genimg_get_comp_name(comp)); 402 403 ret = fit_image_get_data(fit, image_noffset, &data, &size); 404 405 #ifndef USE_HOSTCC 406 printf("%s Data Start: ", p); 407 if (ret) { 408 printf("unavailable\n"); 409 } else { 410 void *vdata = (void *)data; 411 412 printf("0x%08lx\n", (ulong)map_to_sysmem(vdata)); 413 } 414 #endif 415 416 printf("%s Data Size: ", p); 417 if (ret) 418 printf("unavailable\n"); 419 else 420 genimg_print_size(size); 421 422 /* Remaining, type dependent properties */ 423 if ((type == IH_TYPE_KERNEL) || (type == IH_TYPE_STANDALONE) || 424 (type == IH_TYPE_RAMDISK) || (type == IH_TYPE_FIRMWARE) || 425 (type == IH_TYPE_FLATDT)) { 426 fit_image_get_arch(fit, image_noffset, &arch); 427 printf("%s Architecture: %s\n", p, genimg_get_arch_name(arch)); 428 } 429 430 if ((type == IH_TYPE_KERNEL) || (type == IH_TYPE_RAMDISK)) { 431 fit_image_get_os(fit, image_noffset, &os); 432 printf("%s OS: %s\n", p, genimg_get_os_name(os)); 433 } 434 435 if ((type == IH_TYPE_KERNEL) || (type == IH_TYPE_STANDALONE) || 436 (type == IH_TYPE_FIRMWARE) || (type == IH_TYPE_RAMDISK) || 437 (type == IH_TYPE_FPGA)) { 438 ret = fit_image_get_load(fit, image_noffset, &load); 439 printf("%s Load Address: ", p); 440 if (ret) 441 printf("unavailable\n"); 442 else 443 printf("0x%08lx\n", load); 444 } 445 446 /* optional load address for FDT */ 447 if (type == IH_TYPE_FLATDT && !fit_image_get_load(fit, image_noffset, &load)) 448 printf("%s Load Address: 0x%08lx\n", p, load); 449 450 if ((type == IH_TYPE_KERNEL) || (type == IH_TYPE_STANDALONE) || 451 (type == IH_TYPE_RAMDISK)) { 452 ret = fit_image_get_entry(fit, image_noffset, &entry); 453 printf("%s Entry Point: ", p); 454 if (ret) 455 printf("unavailable\n"); 456 else 457 printf("0x%08lx\n", entry); 458 } 459 460 /* Process all hash subnodes of the component image node */ 461 for (ndepth = 0, noffset = fdt_next_node(fit, image_noffset, &ndepth); 462 (noffset >= 0) && (ndepth > 0); 463 noffset = fdt_next_node(fit, noffset, &ndepth)) { 464 if (ndepth == 1) { 465 /* Direct child node of the component image node */ 466 fit_image_print_verification_data(fit, noffset, p); 467 } 468 } 469 } 470 471 #endif /* !defined(CONFIG_SPL_BUILD) || defined(CONFIG_FIT_SPL_PRINT) */ 472 473 /** 474 * fit_get_desc - get node description property 475 * @fit: pointer to the FIT format image header 476 * @noffset: node offset 477 * @desc: double pointer to the char, will hold pointer to the description 478 * 479 * fit_get_desc() reads description property from a given node, if 480 * description is found pointer to it is returned in third call argument. 481 * 482 * returns: 483 * 0, on success 484 * -1, on failure 485 */ 486 int fit_get_desc(const void *fit, int noffset, char **desc) 487 { 488 int len; 489 490 *desc = (char *)fdt_getprop(fit, noffset, FIT_DESC_PROP, &len); 491 if (*desc == NULL) { 492 fit_get_debug(fit, noffset, FIT_DESC_PROP, len); 493 return -1; 494 } 495 496 return 0; 497 } 498 499 /** 500 * fit_get_timestamp - get node timestamp property 501 * @fit: pointer to the FIT format image header 502 * @noffset: node offset 503 * @timestamp: pointer to the time_t, will hold read timestamp 504 * 505 * fit_get_timestamp() reads timestamp property from given node, if timestamp 506 * is found and has a correct size its value is returned in third call 507 * argument. 508 * 509 * returns: 510 * 0, on success 511 * -1, on property read failure 512 * -2, on wrong timestamp size 513 */ 514 int fit_get_timestamp(const void *fit, int noffset, time_t *timestamp) 515 { 516 int len; 517 const void *data; 518 519 data = fdt_getprop(fit, noffset, FIT_TIMESTAMP_PROP, &len); 520 if (data == NULL) { 521 fit_get_debug(fit, noffset, FIT_TIMESTAMP_PROP, len); 522 return -1; 523 } 524 if (len != sizeof(uint32_t)) { 525 debug("FIT timestamp with incorrect size of (%u)\n", len); 526 return -2; 527 } 528 529 *timestamp = uimage_to_cpu(*((uint32_t *)data)); 530 return 0; 531 } 532 533 /** 534 * fit_get_totalsize - get node totalsize property. 535 * 536 * @fit: pointer to the FIT image header 537 * @totalsize: holds the /totalsize property 538 * 539 * returns: 540 * 0, on success 541 * -ENOENT if the property could not be found 542 */ 543 int fit_get_totalsize(const void *fit, int *totalsize) 544 { 545 const fdt32_t *val; 546 547 val = fdt_getprop(fit, 0, FIT_TOTALSIZE_PROP, NULL); 548 if (!val) 549 return -ENOENT; 550 551 *totalsize = fdt32_to_cpu(*val); 552 553 return 0; 554 } 555 556 /** 557 * fit_image_get_node - get node offset for component image of a given unit name 558 * @fit: pointer to the FIT format image header 559 * @image_uname: component image node unit name 560 * 561 * fit_image_get_node() finds a component image (within the '/images' 562 * node) of a provided unit name. If image is found its node offset is 563 * returned to the caller. 564 * 565 * returns: 566 * image node offset when found (>=0) 567 * negative number on failure (FDT_ERR_* code) 568 */ 569 int fit_image_get_node(const void *fit, const char *image_uname) 570 { 571 int noffset, images_noffset; 572 573 images_noffset = fdt_path_offset(fit, FIT_IMAGES_PATH); 574 if (images_noffset < 0) { 575 debug("Can't find images parent node '%s' (%s)\n", 576 FIT_IMAGES_PATH, fdt_strerror(images_noffset)); 577 return images_noffset; 578 } 579 580 noffset = fdt_subnode_offset(fit, images_noffset, image_uname); 581 if (noffset < 0) { 582 debug("Can't get node offset for image unit name: '%s' (%s)\n", 583 image_uname, fdt_strerror(noffset)); 584 } 585 586 return noffset; 587 } 588 589 /** 590 * fit_image_get_os - get os id for a given component image node 591 * @fit: pointer to the FIT format image header 592 * @noffset: component image node offset 593 * @os: pointer to the uint8_t, will hold os numeric id 594 * 595 * fit_image_get_os() finds os property in a given component image node. 596 * If the property is found, its (string) value is translated to the numeric 597 * id which is returned to the caller. 598 * 599 * returns: 600 * 0, on success 601 * -1, on failure 602 */ 603 int fit_image_get_os(const void *fit, int noffset, uint8_t *os) 604 { 605 int len; 606 const void *data; 607 608 /* Get OS name from property data */ 609 data = fdt_getprop(fit, noffset, FIT_OS_PROP, &len); 610 if (data == NULL) { 611 fit_get_debug(fit, noffset, FIT_OS_PROP, len); 612 *os = -1; 613 return -1; 614 } 615 616 /* Translate OS name to id */ 617 *os = genimg_get_os_id(data); 618 return 0; 619 } 620 621 /** 622 * fit_image_get_arch - get arch id for a given component image node 623 * @fit: pointer to the FIT format image header 624 * @noffset: component image node offset 625 * @arch: pointer to the uint8_t, will hold arch numeric id 626 * 627 * fit_image_get_arch() finds arch property in a given component image node. 628 * If the property is found, its (string) value is translated to the numeric 629 * id which is returned to the caller. 630 * 631 * returns: 632 * 0, on success 633 * -1, on failure 634 */ 635 int fit_image_get_arch(const void *fit, int noffset, uint8_t *arch) 636 { 637 int len; 638 const void *data; 639 640 /* Get architecture name from property data */ 641 data = fdt_getprop(fit, noffset, FIT_ARCH_PROP, &len); 642 if (data == NULL) { 643 fit_get_debug(fit, noffset, FIT_ARCH_PROP, len); 644 *arch = -1; 645 return -1; 646 } 647 648 /* Translate architecture name to id */ 649 *arch = genimg_get_arch_id(data); 650 return 0; 651 } 652 653 /** 654 * fit_image_get_type - get type id for a given component image node 655 * @fit: pointer to the FIT format image header 656 * @noffset: component image node offset 657 * @type: pointer to the uint8_t, will hold type numeric id 658 * 659 * fit_image_get_type() finds type property in a given component image node. 660 * If the property is found, its (string) value is translated to the numeric 661 * id which is returned to the caller. 662 * 663 * returns: 664 * 0, on success 665 * -1, on failure 666 */ 667 int fit_image_get_type(const void *fit, int noffset, uint8_t *type) 668 { 669 int len; 670 const void *data; 671 672 /* Get image type name from property data */ 673 data = fdt_getprop(fit, noffset, FIT_TYPE_PROP, &len); 674 if (data == NULL) { 675 fit_get_debug(fit, noffset, FIT_TYPE_PROP, len); 676 *type = -1; 677 return -1; 678 } 679 680 /* Translate image type name to id */ 681 *type = genimg_get_type_id(data); 682 return 0; 683 } 684 685 /** 686 * fit_image_get_comp - get comp id for a given component image node 687 * @fit: pointer to the FIT format image header 688 * @noffset: component image node offset 689 * @comp: pointer to the uint8_t, will hold comp numeric id 690 * 691 * fit_image_get_comp() finds comp property in a given component image node. 692 * If the property is found, its (string) value is translated to the numeric 693 * id which is returned to the caller. 694 * 695 * returns: 696 * 0, on success 697 * -1, on failure 698 */ 699 int fit_image_get_comp(const void *fit, int noffset, uint8_t *comp) 700 { 701 int len; 702 const void *data; 703 704 /* Get compression name from property data */ 705 data = fdt_getprop(fit, noffset, FIT_COMP_PROP, &len); 706 if (data == NULL) { 707 fit_get_debug(fit, noffset, FIT_COMP_PROP, len); 708 *comp = -1; 709 return -1; 710 } 711 712 /* Translate compression name to id */ 713 *comp = genimg_get_comp_id(data); 714 return 0; 715 } 716 717 bool fit_image_is_preload(const void *fit, int noffset) 718 { 719 int len; 720 int *data; 721 722 data = (int *)fdt_getprop(fit, noffset, FIT_PRE_LOAD_PROP, &len); 723 if (data == NULL || len != sizeof(int)) { 724 fit_get_debug(fit, noffset, FIT_PRE_LOAD_PROP, len); 725 return false; 726 } 727 728 if (fdt32_to_cpu(*data) != 1) 729 return false; 730 731 return true; 732 } 733 734 static int fit_image_get_address(const void *fit, int noffset, char *name, 735 ulong *load) 736 { 737 int len, cell_len; 738 const fdt32_t *cell; 739 uint64_t load64 = 0; 740 741 cell = fdt_getprop(fit, noffset, name, &len); 742 if (cell == NULL) { 743 fit_get_debug(fit, noffset, name, len); 744 return -1; 745 } 746 747 if (len > sizeof(ulong)) { 748 printf("Unsupported %s address size\n", name); 749 return -1; 750 } 751 752 cell_len = len >> 2; 753 /* Use load64 to avoid compiling warning for 32-bit target */ 754 while (cell_len--) { 755 load64 = (load64 << 32) | uimage_to_cpu(*cell); 756 cell++; 757 } 758 *load = (ulong)load64; 759 760 return 0; 761 } 762 763 static int fit_image_set_address(const void *fit, int noffset, char *name, 764 ulong addr) 765 { 766 int len, cell_len; 767 const fdt32_t *cell; 768 769 cell = fdt_getprop(fit, noffset, name, &len); 770 if (cell == NULL) { 771 fit_get_debug(fit, noffset, name, len); 772 return -1; 773 } 774 775 if (len > sizeof(ulong)) { 776 printf("Unsupported %s address size\n", name); 777 return -1; 778 } 779 780 cell_len = len >> 2; 781 /* Use load64 to avoid compiling warning for 32-bit target */ 782 while (cell_len--) { 783 *(fdt32_t *)cell = cpu_to_uimage(addr >> (32 * cell_len)); 784 cell++; 785 } 786 787 return 0; 788 } 789 790 /** 791 * fit_image_get_load() - get load addr property for given component image node 792 * @fit: pointer to the FIT format image header 793 * @noffset: component image node offset 794 * @load: pointer to the uint32_t, will hold load address 795 * 796 * fit_image_get_load() finds load address property in a given component 797 * image node. If the property is found, its value is returned to the caller. 798 * 799 * returns: 800 * 0, on success 801 * -1, on failure 802 */ 803 int fit_image_get_load(const void *fit, int noffset, ulong *load) 804 { 805 return fit_image_get_address(fit, noffset, FIT_LOAD_PROP, load); 806 } 807 808 /** 809 * fit_image_get_comp_addr() - get compress addr property for given component image node 810 * @fit: pointer to the FIT format image header 811 * @noffset: component image node offset 812 * @comp: pointer to the uint32_t, will hold load address 813 * 814 * fit_image_get_comp_addr() finds compress address property in a given component 815 * image node. If the property is found, its value is returned to the caller. 816 * 817 * returns: 818 * 0, on success 819 * -1, on failure 820 */ 821 int fit_image_get_comp_addr(const void *fit, int noffset, ulong *comp) 822 { 823 return fit_image_get_address(fit, noffset, FIT_COMP_ADDR_PROP, comp); 824 } 825 826 /** 827 * fit_image_get_cipher_addr() - get cipher addr property for given component image node 828 * @fit: pointer to the FIT format image header 829 * @noffset: component image node offset 830 * @cipher: pointer to the uint32_t, will hold load address 831 * 832 * fit_image_get_cipher_addr() finds cipher address property in a given component 833 * image node. If the property is found, its value is returned to the caller. 834 * 835 * returns: 836 * 0, on success 837 * -1, on failure 838 */ 839 int fit_image_get_cipher_addr(const void *fit, int noffset, ulong *cipher) 840 { 841 return fit_image_get_address(fit, noffset, FIT_CIPHER_ADDR_PROP, cipher); 842 } 843 844 /** 845 * fit_image_set_load() - set load addr property for given component image node 846 * @fit: pointer to the FIT format image header 847 * @noffset: component image node offset 848 * @load: uint32_t value, will hold load address 849 * 850 * fit_image_set_load() finds and set load address property in a given component 851 * image node. If the property is found, its value is returned to the caller. 852 * 853 * returns: 854 * 0, on success 855 * -1, on failure 856 */ 857 int fit_image_set_load(const void *fit, int noffset, ulong load) 858 { 859 return fit_image_set_address(fit, noffset, FIT_LOAD_PROP, load); 860 } 861 862 /** 863 * fit_image_get_entry() - get entry point address property 864 * @fit: pointer to the FIT format image header 865 * @noffset: component image node offset 866 * @entry: pointer to the uint32_t, will hold entry point address 867 * 868 * This gets the entry point address property for a given component image 869 * node. 870 * 871 * fit_image_get_entry() finds entry point address property in a given 872 * component image node. If the property is found, its value is returned 873 * to the caller. 874 * 875 * returns: 876 * 0, on success 877 * -1, on failure 878 */ 879 int fit_image_get_entry(const void *fit, int noffset, ulong *entry) 880 { 881 return fit_image_get_address(fit, noffset, FIT_ENTRY_PROP, entry); 882 } 883 884 /** 885 * fit_image_set_entry() - set entry point address property 886 * @fit: pointer to the FIT format image header 887 * @noffset: component image node offset 888 * @entry: uint32_t value, will hold entry point address 889 * 890 * This sets the entry point address property for a given component image 891 * node. 892 * 893 * fit_image_set_entry() finds and set entry point address property in a given 894 * component image node. If the property is found, its value is returned 895 * to the caller. 896 * 897 * returns: 898 * 0, on success 899 * -1, on failure 900 */ 901 int fit_image_set_entry(const void *fit, int noffset, ulong entry) 902 { 903 return fit_image_set_address(fit, noffset, FIT_ENTRY_PROP, entry); 904 } 905 906 /** 907 * fit_image_get_data - get data property and its size for a given component image node 908 * @fit: pointer to the FIT format image header 909 * @noffset: component image node offset 910 * @data: double pointer to void, will hold data property's data address 911 * @size: pointer to size_t, will hold data property's data size 912 * 913 * fit_image_get_data() finds data property in a given component image node. 914 * If the property is found its data start address and size are returned to 915 * the caller. 916 * 917 * returns: 918 * 0, on success 919 * -1, on failure 920 */ 921 int fit_image_get_data(const void *fit, int noffset, 922 const void **data, size_t *size) 923 { 924 ulong data_off = 0; 925 ulong data_pos = 0; 926 int len; 927 928 /* data */ 929 *data = fdt_getprop(fit, noffset, FIT_DATA_PROP, &len); 930 if (*data) { 931 *size = len; 932 return 0; 933 } 934 935 /* data-size */ 936 if (fit_image_get_data_size(fit, noffset, &len)) 937 return -ENOENT; 938 939 /* data-offset */ 940 if (!fit_image_get_data_offset(fit, noffset, (int *)&data_off)) { 941 data_off += (ulong)fit + FIT_ALIGN(fdt_totalsize(fit)); 942 *data = (void *)data_off; 943 *size = len; 944 return 0; 945 } 946 947 /* data-position */ 948 if (!fit_image_get_data_position(fit, noffset, (int *)&data_pos)) { 949 *data = (void *)(data_pos + (ulong)fit); 950 *size = len; 951 return 0; 952 } 953 954 *size = 0; 955 return -1; 956 } 957 958 /** 959 * Get 'data-offset' property from a given image node. 960 * 961 * @fit: pointer to the FIT image header 962 * @noffset: component image node offset 963 * @data_offset: holds the data-offset property 964 * 965 * returns: 966 * 0, on success 967 * -ENOENT if the property could not be found 968 */ 969 int fit_image_get_data_offset(const void *fit, int noffset, int *data_offset) 970 { 971 const fdt32_t *val; 972 973 val = fdt_getprop(fit, noffset, FIT_DATA_OFFSET_PROP, NULL); 974 if (!val) 975 return -ENOENT; 976 977 *data_offset = fdt32_to_cpu(*val); 978 979 return 0; 980 } 981 982 /** 983 * Get 'data-position' property from a given image node. 984 * 985 * @fit: pointer to the FIT image header 986 * @noffset: component image node offset 987 * @data_position: holds the data-position property 988 * 989 * returns: 990 * 0, on success 991 * -ENOENT if the property could not be found 992 */ 993 int fit_image_get_data_position(const void *fit, int noffset, 994 int *data_position) 995 { 996 const fdt32_t *val; 997 998 val = fdt_getprop(fit, noffset, FIT_DATA_POSITION_PROP, NULL); 999 if (!val) 1000 return -ENOENT; 1001 1002 *data_position = fdt32_to_cpu(*val); 1003 1004 return 0; 1005 } 1006 1007 /** 1008 * Get 'data-size' property from a given image node. 1009 * 1010 * @fit: pointer to the FIT image header 1011 * @noffset: component image node offset 1012 * @data_size: holds the data-size property 1013 * 1014 * returns: 1015 * 0, on success 1016 * -ENOENT if the property could not be found 1017 */ 1018 int fit_image_get_data_size(const void *fit, int noffset, int *data_size) 1019 { 1020 const fdt32_t *val; 1021 1022 val = fdt_getprop(fit, noffset, FIT_DATA_SIZE_PROP, NULL); 1023 if (!val) 1024 return -ENOENT; 1025 1026 *data_size = fdt32_to_cpu(*val); 1027 1028 return 0; 1029 } 1030 1031 /** 1032 * Get 'rollback-index' property from a given image node. 1033 * 1034 * @fit: pointer to the FIT image header 1035 * @noffset: component image node offset 1036 * @index: holds the rollback-index property 1037 * 1038 * returns: 1039 * 0, on success 1040 * -ENOENT if the property could not be found 1041 */ 1042 int fit_image_get_rollback_index(const void *fit, int noffset, uint32_t *index) 1043 { 1044 const fdt32_t *val; 1045 1046 val = fdt_getprop(fit, noffset, FIT_ROLLBACK_PROP, NULL); 1047 if (!val) 1048 return -ENOENT; 1049 1050 *index = fdt32_to_cpu(*val); 1051 1052 return 0; 1053 } 1054 1055 /** 1056 * fit_image_hash_get_algo - get hash algorithm name 1057 * @fit: pointer to the FIT format image header 1058 * @noffset: hash node offset 1059 * @algo: double pointer to char, will hold pointer to the algorithm name 1060 * 1061 * fit_image_hash_get_algo() finds hash algorithm property in a given hash node. 1062 * If the property is found its data start address is returned to the caller. 1063 * 1064 * returns: 1065 * 0, on success 1066 * -1, on failure 1067 */ 1068 int fit_image_hash_get_algo(const void *fit, int noffset, char **algo) 1069 { 1070 int len; 1071 1072 *algo = (char *)fdt_getprop(fit, noffset, FIT_ALGO_PROP, &len); 1073 if (*algo == NULL) { 1074 fit_get_debug(fit, noffset, FIT_ALGO_PROP, len); 1075 return -1; 1076 } 1077 1078 return 0; 1079 } 1080 1081 /** 1082 * fit_image_hash_get_value - get hash value and length 1083 * @fit: pointer to the FIT format image header 1084 * @noffset: hash node offset 1085 * @value: double pointer to uint8_t, will hold address of a hash value data 1086 * @value_len: pointer to an int, will hold hash data length 1087 * 1088 * fit_image_hash_get_value() finds hash value property in a given hash node. 1089 * If the property is found its data start address and size are returned to 1090 * the caller. 1091 * 1092 * returns: 1093 * 0, on success 1094 * -1, on failure 1095 */ 1096 int fit_image_hash_get_value(const void *fit, int noffset, uint8_t **value, 1097 int *value_len) 1098 { 1099 int len; 1100 1101 *value = (uint8_t *)fdt_getprop(fit, noffset, FIT_VALUE_PROP, &len); 1102 if (*value == NULL) { 1103 fit_get_debug(fit, noffset, FIT_VALUE_PROP, len); 1104 *value_len = 0; 1105 return -1; 1106 } 1107 1108 *value_len = len; 1109 return 0; 1110 } 1111 1112 /** 1113 * fit_image_hash_get_ignore - get hash ignore flag 1114 * @fit: pointer to the FIT format image header 1115 * @noffset: hash node offset 1116 * @ignore: pointer to an int, will hold hash ignore flag 1117 * 1118 * fit_image_hash_get_ignore() finds hash ignore property in a given hash node. 1119 * If the property is found and non-zero, the hash algorithm is not verified by 1120 * u-boot automatically. 1121 * 1122 * returns: 1123 * 0, on ignore not found 1124 * value, on ignore found 1125 */ 1126 static int fit_image_hash_get_ignore(const void *fit, int noffset, int *ignore) 1127 { 1128 int len; 1129 int *value; 1130 1131 value = (int *)fdt_getprop(fit, noffset, FIT_IGNORE_PROP, &len); 1132 if (value == NULL || len != sizeof(int)) 1133 *ignore = 0; 1134 else 1135 *ignore = *value; 1136 1137 return 0; 1138 } 1139 1140 /** 1141 * fit_image_cipher_get_algo - get cipher algorithm name 1142 * @fit: pointer to the FIT format image header 1143 * @noffset: cipher node offset 1144 * @algo: double pointer to char, will hold pointer to the algorithm name 1145 * 1146 * fit_image_cipher_get_algo() finds cipher algorithm property in a given 1147 * cipher node. If the property is found its data start address is returned 1148 * to the caller. 1149 * 1150 * returns: 1151 * 0, on success 1152 * -1, on failure 1153 */ 1154 int fit_image_cipher_get_algo(const void *fit, int noffset, char **algo) 1155 { 1156 int len; 1157 1158 *algo = (char *)fdt_getprop(fit, noffset, FIT_ALGO_PROP, &len); 1159 if (!*algo) { 1160 fit_get_debug(fit, noffset, FIT_ALGO_PROP, len); 1161 return -1; 1162 } 1163 1164 return 0; 1165 } 1166 1167 ulong fit_get_end(const void *fit) 1168 { 1169 return map_to_sysmem((void *)(fit + fdt_totalsize(fit))); 1170 } 1171 1172 /** 1173 * fit_set_timestamp - set node timestamp property 1174 * @fit: pointer to the FIT format image header 1175 * @noffset: node offset 1176 * @timestamp: timestamp value to be set 1177 * 1178 * fit_set_timestamp() attempts to set timestamp property in the requested 1179 * node and returns operation status to the caller. 1180 * 1181 * returns: 1182 * 0, on success 1183 * -ENOSPC if no space in device tree, -1 for other error 1184 */ 1185 int fit_set_timestamp(void *fit, int noffset, time_t timestamp) 1186 { 1187 uint32_t t; 1188 int ret; 1189 1190 t = cpu_to_uimage(timestamp); 1191 ret = fdt_setprop(fit, noffset, FIT_TIMESTAMP_PROP, &t, 1192 sizeof(uint32_t)); 1193 if (ret) { 1194 debug("Can't set '%s' property for '%s' node (%s)\n", 1195 FIT_TIMESTAMP_PROP, fit_get_name(fit, noffset, NULL), 1196 fdt_strerror(ret)); 1197 return ret == -FDT_ERR_NOSPACE ? -ENOSPC : -1; 1198 } 1199 1200 return 0; 1201 } 1202 1203 int fit_set_totalsize(void *fit, int noffset, int totalsize) 1204 { 1205 uint32_t t; 1206 int ret; 1207 1208 t = cpu_to_uimage(totalsize); 1209 ret = fdt_setprop(fit, noffset, FIT_TOTALSIZE_PROP, &t, 1210 sizeof(uint32_t)); 1211 if (ret) 1212 return ret == -FDT_ERR_NOSPACE ? -ENOSPC : -1; 1213 1214 return 0; 1215 } 1216 1217 int fit_set_version(void *fit, int noffset, int version) 1218 { 1219 uint32_t v; 1220 int ret; 1221 1222 v = cpu_to_uimage(version); 1223 ret = fdt_setprop(fit, noffset, FIT_VERSION_PROP, &v, sizeof(uint32_t)); 1224 if (ret) 1225 return ret == -FDT_ERR_NOSPACE ? -ENOSPC : -1; 1226 1227 return 0; 1228 } 1229 1230 int fit_calculate_hash(const void *data, int data_len, 1231 const char *algo, uint8_t *value, 1232 int *value_len) 1233 { 1234 if (IMAGE_ENABLE_CRC32 && strcmp(algo, "crc32") == 0) { 1235 *((uint32_t *)value) = crc32_wd(0, data, data_len, 1236 CHUNKSZ_CRC32); 1237 *((uint32_t *)value) = cpu_to_uimage(*((uint32_t *)value)); 1238 *value_len = 4; 1239 #ifdef CONFIG_SHA1 1240 } else if (IMAGE_ENABLE_SHA1 && strcmp(algo, "sha1") == 0) { 1241 sha1_csum_wd((unsigned char *)data, data_len, 1242 (unsigned char *)value, CHUNKSZ_SHA1); 1243 *value_len = 20; 1244 #endif 1245 #ifdef CONFIG_SHA256 1246 } else if (IMAGE_ENABLE_SHA256 && strcmp(algo, "sha256") == 0) { 1247 sha256_csum_wd((unsigned char *)data, data_len, 1248 (unsigned char *)value, CHUNKSZ_SHA256); 1249 *value_len = SHA256_SUM_LEN; 1250 #endif 1251 #ifdef CONFIG_MD5 1252 } else if (IMAGE_ENABLE_MD5 && strcmp(algo, "md5") == 0) { 1253 md5_wd((unsigned char *)data, data_len, value, CHUNKSZ_MD5); 1254 *value_len = 16; 1255 #endif 1256 } else { 1257 debug("Unsupported hash alogrithm\n"); 1258 return -1; 1259 } 1260 return 0; 1261 } 1262 1263 #ifndef USE_HOSTCC 1264 #if CONFIG_IS_ENABLED(FIT_HW_CRYPTO) 1265 static int crypto_csum(u32 cap, const char *data, int len, u8 *output) 1266 { 1267 struct udevice *dev; 1268 sha_context csha_ctx; 1269 1270 dev = crypto_get_device(cap); 1271 if (!dev) { 1272 printf("Can't find expected crypto device\n"); 1273 return -ENODEV; 1274 } 1275 1276 csha_ctx.algo = cap; 1277 csha_ctx.length = len; 1278 1279 return crypto_sha_csum(dev, &csha_ctx, (char *)data, len, output); 1280 } 1281 1282 static int hw_fit_calculate_hash(const void *data, int data_len, 1283 const char *algo, uint8_t *value, 1284 int *value_len) 1285 { 1286 int ret = 0; 1287 1288 if (IMAGE_ENABLE_CRC32 && strcmp(algo, "crc32") == 0) { 1289 *((uint32_t *)value) = crc32_wd(0, data, data_len, 1290 CHUNKSZ_CRC32); 1291 *((uint32_t *)value) = cpu_to_uimage(*((uint32_t *)value)); 1292 *value_len = 4; 1293 } else if (IMAGE_ENABLE_SHA1 && strcmp(algo, "sha1") == 0) { 1294 ret = crypto_csum(CRYPTO_SHA1, data, data_len, value); 1295 *value_len = 20; 1296 } else if (IMAGE_ENABLE_SHA256 && strcmp(algo, "sha256") == 0) { 1297 ret = crypto_csum(CRYPTO_SHA256, data, data_len, value); 1298 *value_len = SHA256_SUM_LEN; 1299 } else if (IMAGE_ENABLE_MD5 && strcmp(algo, "md5") == 0) { 1300 ret = crypto_csum(CRYPTO_MD5, data, data_len, value); 1301 *value_len = 16; 1302 } else { 1303 debug("Unsupported hash alogrithm\n"); 1304 return -1; 1305 } 1306 1307 if (ret) 1308 printf("%s: algo %s failed, ret=%d\n", __func__, algo, ret); 1309 1310 return ret; 1311 } 1312 #endif 1313 #endif 1314 1315 /** 1316 * calculate_hash - calculate and return hash for provided input data 1317 * @data: pointer to the input data 1318 * @data_len: data length 1319 * @algo: requested hash algorithm 1320 * @value: pointer to the char, will hold hash value data (caller must 1321 * allocate enough free space) 1322 * value_len: length of the calculated hash 1323 * 1324 * calculate_hash() computes input data hash according to the requested 1325 * algorithm. 1326 * Resulting hash value is placed in caller provided 'value' buffer, length 1327 * of the calculated hash is returned via value_len pointer argument. 1328 * 1329 * returns: 1330 * 0, on success 1331 * -1, when algo is unsupported 1332 */ 1333 int calculate_hash(const void *data, int data_len, const char *algo, 1334 uint8_t *value, int *value_len) 1335 { 1336 #if defined(USE_HOSTCC) 1337 return fit_calculate_hash(data, data_len, algo, value, value_len); 1338 #else 1339 #if !CONFIG_IS_ENABLED(FIT_HW_CRYPTO) 1340 return fit_calculate_hash(data, data_len, algo, value, value_len); 1341 #else 1342 return hw_fit_calculate_hash(data, data_len, algo, value, value_len); 1343 #endif 1344 #endif 1345 } 1346 1347 int fit_image_check_hash(const void *fit, int noffset, const void *data, 1348 size_t size, char **err_msgp) 1349 { 1350 uint8_t value[FIT_MAX_HASH_LEN]; 1351 int value_len; 1352 char *algo; 1353 uint8_t *fit_value; 1354 int fit_value_len; 1355 int ignore; 1356 int i; 1357 1358 *err_msgp = NULL; 1359 1360 if (fit_image_hash_get_algo(fit, noffset, &algo)) { 1361 *err_msgp = "Can't get hash algo property"; 1362 return -1; 1363 } 1364 printf("%s", algo); 1365 1366 if (IMAGE_ENABLE_IGNORE) { 1367 fit_image_hash_get_ignore(fit, noffset, &ignore); 1368 if (ignore) { 1369 printf("-skipped "); 1370 return 0; 1371 } 1372 } 1373 1374 if (fit_image_hash_get_value(fit, noffset, &fit_value, 1375 &fit_value_len)) { 1376 *err_msgp = "Can't get hash value property"; 1377 return -1; 1378 } 1379 1380 if (calculate_hash(data, size, algo, value, &value_len)) { 1381 *err_msgp = "Unsupported hash algorithm"; 1382 return -1; 1383 } 1384 1385 if (value_len != fit_value_len) { 1386 *err_msgp = "Bad hash value len"; 1387 return -1; 1388 } else if (memcmp(value, fit_value, value_len) != 0) { 1389 printf(" Bad hash: "); 1390 for (i = 0; i < value_len; i++) 1391 printf("%02x", value[i]); 1392 printf("\n"); 1393 1394 *err_msgp = "Bad hash value"; 1395 return -1; 1396 } 1397 1398 #ifdef CONFIG_SPL_BUILD 1399 printf("("); 1400 for (i = 0; i < 5; i++) 1401 printf("%02x", value[i]); 1402 printf("...) "); 1403 #endif 1404 1405 return 0; 1406 } 1407 1408 int fit_image_verify_with_data(const void *fit, int image_noffset, 1409 const void *data, size_t size) 1410 { 1411 int noffset = 0; 1412 char *err_msg = ""; 1413 int verify_all = 1; 1414 int ret; 1415 1416 /* Verify all required signatures */ 1417 if (IMAGE_ENABLE_VERIFY && 1418 fit_image_verify_required_sigs(fit, image_noffset, data, size, 1419 gd_fdt_blob(), &verify_all)) { 1420 err_msg = "Unable to verify required signature"; 1421 goto error; 1422 } 1423 1424 /* Process all hash subnodes of the component image node */ 1425 fdt_for_each_subnode(noffset, fit, image_noffset) { 1426 const char *name = fit_get_name(fit, noffset, NULL); 1427 1428 /* 1429 * Check subnode name, must be equal to "hash". 1430 * Multiple hash nodes require unique unit node 1431 * names, e.g. hash@1, hash@2, etc. 1432 */ 1433 if (!strncmp(name, FIT_HASH_NODENAME, 1434 strlen(FIT_HASH_NODENAME))) { 1435 if (fit_image_check_hash(fit, noffset, data, size, 1436 &err_msg)) 1437 goto error; 1438 puts("+ "); 1439 } else if (IMAGE_ENABLE_VERIFY && verify_all && 1440 !strncmp(name, FIT_SIG_NODENAME, 1441 strlen(FIT_SIG_NODENAME))) { 1442 ret = fit_image_check_sig(fit, noffset, data, 1443 size, -1, &err_msg); 1444 1445 /* 1446 * Show an indication on failure, but do not return 1447 * an error. Only keys marked 'required' can cause 1448 * an image validation failure. See the call to 1449 * fit_image_verify_required_sigs() above. 1450 */ 1451 if (ret) 1452 puts("- "); 1453 else 1454 puts("+ "); 1455 } 1456 } 1457 1458 if (noffset == -FDT_ERR_TRUNCATED || noffset == -FDT_ERR_BADSTRUCTURE) { 1459 err_msg = "Corrupted or truncated tree"; 1460 goto error; 1461 } 1462 1463 return 1; /* success */ 1464 1465 error: 1466 printf(" error!\n%s for '%s' hash node in '%s' image node\n", 1467 err_msg, fit_get_name(fit, noffset, NULL), 1468 fit_get_name(fit, image_noffset, NULL)); 1469 return 0; 1470 } 1471 1472 /** 1473 * fit_image_verify - verify data integrity 1474 * @fit: pointer to the FIT format image header 1475 * @image_noffset: component image node offset 1476 * 1477 * fit_image_verify() goes over component image hash nodes, 1478 * re-calculates each data hash and compares with the value stored in hash 1479 * node. 1480 * 1481 * returns: 1482 * 1, if all hashes are valid 1483 * 0, otherwise (or on error) 1484 */ 1485 int fit_image_verify(const void *fit, int image_noffset) 1486 { 1487 const void *data; 1488 size_t size; 1489 int noffset = 0; 1490 char *err_msg = ""; 1491 1492 /* Get image data and data length */ 1493 if (fit_image_get_data(fit, image_noffset, &data, &size)) { 1494 err_msg = "Can't get image data/size"; 1495 printf("error!\n%s for '%s' hash node in '%s' image node\n", 1496 err_msg, fit_get_name(fit, noffset, NULL), 1497 fit_get_name(fit, image_noffset, NULL)); 1498 return 0; 1499 } 1500 1501 return fit_image_verify_with_data(fit, image_noffset, data, size); 1502 } 1503 1504 /** 1505 * fit_all_image_verify - verify data integrity for all images 1506 * @fit: pointer to the FIT format image header 1507 * 1508 * fit_all_image_verify() goes over all images in the FIT and 1509 * for every images checks if all it's hashes are valid. 1510 * 1511 * returns: 1512 * 1, if all hashes of all images are valid 1513 * 0, otherwise (or on error) 1514 */ 1515 int fit_all_image_verify(const void *fit) 1516 { 1517 int images_noffset; 1518 int noffset; 1519 int ndepth; 1520 int count; 1521 1522 /* Find images parent node offset */ 1523 images_noffset = fdt_path_offset(fit, FIT_IMAGES_PATH); 1524 if (images_noffset < 0) { 1525 printf("Can't find images parent node '%s' (%s)\n", 1526 FIT_IMAGES_PATH, fdt_strerror(images_noffset)); 1527 return 0; 1528 } 1529 1530 /* Process all image subnodes, check hashes for each */ 1531 printf("## Checking hash(es) for FIT Image at %08lx ...\n", 1532 (ulong)fit); 1533 for (ndepth = 0, count = 0, 1534 noffset = fdt_next_node(fit, images_noffset, &ndepth); 1535 (noffset >= 0) && (ndepth > 0); 1536 noffset = fdt_next_node(fit, noffset, &ndepth)) { 1537 if (ndepth == 1) { 1538 /* 1539 * Direct child node of the images parent node, 1540 * i.e. component image node. 1541 */ 1542 printf(" Hash(es) for Image %u (%s): ", count, 1543 fit_get_name(fit, noffset, NULL)); 1544 count++; 1545 1546 if (!fit_image_verify(fit, noffset)) 1547 return 0; 1548 printf("\n"); 1549 } 1550 } 1551 return 1; 1552 } 1553 1554 #if !defined(USE_HOSTCC) 1555 #if defined(CONFIG_FIT_CIPHER) 1556 /* 1557 * [aes-128-ctr] example: 1558 * 1559 * openssl rand -out aes128.key 16 1560 * 1561 * openssl dgst -sha256 -binary -out kernel.sha256 kernel 1562 * openssl rand -out iv.bin 16 1563 * openssl enc -aes-128-ctr -in kernel -out kernel.encrypt -K $(xxd -p aes128.key) -iv $(xxd -p iv.bin) 1564 * openssl enc -aes-128-ctr -d -in kernel.encrypt -out kernel -K $(xxd -p aes128.key) -iv $(xxd -p iv.bin) 1565 * 1566 * 1567 * Add a "cipher" node under kernel node, the "hash" node is optional. 1568 * 1569 * cipher { 1570 * algo = "aes128"; 1571 * iv = /incbin/("./iv.bin"); 1572 * hash { 1573 * algo = "sha256"; 1574 * value = /incbin/("./kernel.sha256"); 1575 * }; 1576 * }; 1577 */ 1578 static int fit_image_uncipher(const void *fit, int noffset, 1579 ulong cipher_addr, size_t cipher_sz, 1580 ulong uncipher_addr) 1581 { 1582 rk_cipher_config config; 1583 int cipher_noffset; 1584 const char *node_name; 1585 const void *iv; 1586 char *algo_name; 1587 char *err_msgp; 1588 int key_len = 16; 1589 int iv_len; 1590 int ret; 1591 1592 node_name = fdt_get_name(fit, noffset, NULL); 1593 cipher_noffset = fdt_subnode_offset(fit, noffset, FIT_CIPHER_NODENAME); 1594 1595 if (fit_image_cipher_get_algo(fit, cipher_noffset, &algo_name)) { 1596 printf("Can't get cipher algo for image '%s'\n", 1597 node_name); 1598 return -1; 1599 } 1600 1601 if (strcmp(algo_name, "aes128")) { 1602 printf("Invalid cipher algo '%s'\n", algo_name); 1603 return -1; 1604 } 1605 1606 iv = fdt_getprop(fit, cipher_noffset, "iv", &iv_len); 1607 if (!iv) { 1608 printf("Can't get IV for image '%s'\n", node_name); 1609 return -1; 1610 } 1611 1612 if (iv_len != key_len) { 1613 printf("Len iv(%d) != key(%d) for image '%s'\n", 1614 iv_len, key_len, node_name); 1615 return -1; 1616 } 1617 1618 memset(&config, 0, sizeof(config)); 1619 config.algo = RK_ALGO_AES; 1620 config.mode = RK_CIPHER_MODE_CTR; 1621 config.operation = RK_MODE_DECRYPT; 1622 config.key_len = key_len; 1623 memcpy(config.iv, iv, key_len); 1624 1625 /* uncipher */ 1626 ret = trusty_fw_key_cipher(RK_FW_KEY0, &config, 1627 (u32)cipher_addr, (u32)uncipher_addr, 1628 (u32)cipher_sz); 1629 if (ret) { 1630 printf("Uncipher data failed for image '%s', ret=%d\n", 1631 node_name, ret); 1632 return ret; 1633 } 1634 1635 /* verify uncipher data hash */ 1636 noffset = fdt_subnode_offset(fit, cipher_noffset, FIT_HASH_NODENAME); 1637 if (noffset > 0) { 1638 ret = fit_image_check_hash(fit, noffset, 1639 (void *)uncipher_addr, 1640 cipher_sz, &err_msgp); 1641 if (ret) { 1642 printf("%s, uncipher data hash for image '%s', ret=%d\n", 1643 err_msgp, node_name, ret); 1644 return ret; 1645 } else { 1646 puts("+"); 1647 } 1648 } 1649 1650 return 0; 1651 } 1652 #endif 1653 #endif 1654 1655 /** 1656 * fit_image_check_os - check whether image node is of a given os type 1657 * @fit: pointer to the FIT format image header 1658 * @noffset: component image node offset 1659 * @os: requested image os 1660 * 1661 * fit_image_check_os() reads image os property and compares its numeric 1662 * id with the requested os. Comparison result is returned to the caller. 1663 * 1664 * returns: 1665 * 1 if image is of given os type 1666 * 0 otherwise (or on error) 1667 */ 1668 int fit_image_check_os(const void *fit, int noffset, uint8_t os) 1669 { 1670 uint8_t image_os; 1671 1672 if (fit_image_get_os(fit, noffset, &image_os)) 1673 return 0; 1674 return (os == image_os); 1675 } 1676 1677 /** 1678 * fit_image_check_arch - check whether image node is of a given arch 1679 * @fit: pointer to the FIT format image header 1680 * @noffset: component image node offset 1681 * @arch: requested imagearch 1682 * 1683 * fit_image_check_arch() reads image arch property and compares its numeric 1684 * id with the requested arch. Comparison result is returned to the caller. 1685 * 1686 * returns: 1687 * 1 if image is of given arch 1688 * 0 otherwise (or on error) 1689 */ 1690 int fit_image_check_arch(const void *fit, int noffset, uint8_t arch) 1691 { 1692 uint8_t image_arch; 1693 int aarch32_support = 0; 1694 1695 #ifdef CONFIG_ARM64_SUPPORT_AARCH32 1696 aarch32_support = 1; 1697 #endif 1698 1699 if (fit_image_get_arch(fit, noffset, &image_arch)) 1700 return 0; 1701 return (arch == image_arch) || 1702 (arch == IH_ARCH_I386 && image_arch == IH_ARCH_X86_64) || 1703 (arch == IH_ARCH_ARM64 && image_arch == IH_ARCH_ARM && 1704 aarch32_support); 1705 } 1706 1707 /** 1708 * fit_image_check_type - check whether image node is of a given type 1709 * @fit: pointer to the FIT format image header 1710 * @noffset: component image node offset 1711 * @type: requested image type 1712 * 1713 * fit_image_check_type() reads image type property and compares its numeric 1714 * id with the requested type. Comparison result is returned to the caller. 1715 * 1716 * returns: 1717 * 1 if image is of given type 1718 * 0 otherwise (or on error) 1719 */ 1720 int fit_image_check_type(const void *fit, int noffset, uint8_t type) 1721 { 1722 uint8_t image_type; 1723 1724 if (fit_image_get_type(fit, noffset, &image_type)) 1725 return 0; 1726 return (type == image_type); 1727 } 1728 1729 /** 1730 * fit_image_check_comp - check whether image node uses given compression 1731 * @fit: pointer to the FIT format image header 1732 * @noffset: component image node offset 1733 * @comp: requested image compression type 1734 * 1735 * fit_image_check_comp() reads image compression property and compares its 1736 * numeric id with the requested compression type. Comparison result is 1737 * returned to the caller. 1738 * 1739 * returns: 1740 * 1 if image uses requested compression 1741 * 0 otherwise (or on error) 1742 */ 1743 int fit_image_check_comp(const void *fit, int noffset, uint8_t comp) 1744 { 1745 uint8_t image_comp; 1746 1747 if (fit_image_get_comp(fit, noffset, &image_comp)) 1748 return 0; 1749 return (comp == image_comp); 1750 } 1751 1752 /** 1753 * fit_check_format - sanity check FIT image format 1754 * @fit: pointer to the FIT format image header 1755 * 1756 * fit_check_format() runs a basic sanity FIT image verification. 1757 * Routine checks for mandatory properties, nodes, etc. 1758 * 1759 * returns: 1760 * 1, on success 1761 * 0, on failure 1762 */ 1763 int fit_check_format(const void *fit) 1764 { 1765 /* mandatory / node 'description' property */ 1766 if (fdt_getprop(fit, 0, FIT_DESC_PROP, NULL) == NULL) { 1767 debug("Wrong FIT format: no description\n"); 1768 return 0; 1769 } 1770 1771 if (IMAGE_ENABLE_TIMESTAMP) { 1772 /* mandatory / node 'timestamp' property */ 1773 if (fdt_getprop(fit, 0, FIT_TIMESTAMP_PROP, NULL) == NULL) { 1774 debug("Wrong FIT format: no timestamp\n"); 1775 return 0; 1776 } 1777 } 1778 1779 /* mandatory subimages parent '/images' node */ 1780 if (fdt_path_offset(fit, FIT_IMAGES_PATH) < 0) { 1781 debug("Wrong FIT format: no images parent node\n"); 1782 return 0; 1783 } 1784 1785 return 1; 1786 } 1787 1788 1789 /** 1790 * fit_conf_find_compat 1791 * @fit: pointer to the FIT format image header 1792 * @fdt: pointer to the device tree to compare against 1793 * 1794 * fit_conf_find_compat() attempts to find the configuration whose fdt is the 1795 * most compatible with the passed in device tree. 1796 * 1797 * Example: 1798 * 1799 * / o image-tree 1800 * |-o images 1801 * | |-o fdt@1 1802 * | |-o fdt@2 1803 * | 1804 * |-o configurations 1805 * |-o config@1 1806 * | |-fdt = fdt@1 1807 * | 1808 * |-o config@2 1809 * |-fdt = fdt@2 1810 * 1811 * / o U-Boot fdt 1812 * |-compatible = "foo,bar", "bim,bam" 1813 * 1814 * / o kernel fdt1 1815 * |-compatible = "foo,bar", 1816 * 1817 * / o kernel fdt2 1818 * |-compatible = "bim,bam", "baz,biz" 1819 * 1820 * Configuration 1 would be picked because the first string in U-Boot's 1821 * compatible list, "foo,bar", matches a compatible string in the root of fdt1. 1822 * "bim,bam" in fdt2 matches the second string which isn't as good as fdt1. 1823 * 1824 * returns: 1825 * offset to the configuration to use if one was found 1826 * -1 otherwise 1827 */ 1828 int fit_conf_find_compat(const void *fit, const void *fdt) 1829 { 1830 int ndepth = 0; 1831 int noffset, confs_noffset, images_noffset; 1832 const void *fdt_compat; 1833 int fdt_compat_len; 1834 int best_match_offset = 0; 1835 int best_match_pos = 0; 1836 1837 confs_noffset = fdt_path_offset(fit, FIT_CONFS_PATH); 1838 images_noffset = fdt_path_offset(fit, FIT_IMAGES_PATH); 1839 if (confs_noffset < 0 || images_noffset < 0) { 1840 debug("Can't find configurations or images nodes.\n"); 1841 return -1; 1842 } 1843 1844 fdt_compat = fdt_getprop(fdt, 0, "compatible", &fdt_compat_len); 1845 if (!fdt_compat) { 1846 debug("Fdt for comparison has no \"compatible\" property.\n"); 1847 return -1; 1848 } 1849 1850 /* 1851 * Loop over the configurations in the FIT image. 1852 */ 1853 for (noffset = fdt_next_node(fit, confs_noffset, &ndepth); 1854 (noffset >= 0) && (ndepth > 0); 1855 noffset = fdt_next_node(fit, noffset, &ndepth)) { 1856 const void *kfdt; 1857 const char *kfdt_name; 1858 int kfdt_noffset; 1859 const char *cur_fdt_compat; 1860 int len; 1861 size_t size; 1862 int i; 1863 1864 if (ndepth > 1) 1865 continue; 1866 1867 kfdt_name = fdt_getprop(fit, noffset, "fdt", &len); 1868 if (!kfdt_name) { 1869 debug("No fdt property found.\n"); 1870 continue; 1871 } 1872 kfdt_noffset = fdt_subnode_offset(fit, images_noffset, 1873 kfdt_name); 1874 if (kfdt_noffset < 0) { 1875 debug("No image node named \"%s\" found.\n", 1876 kfdt_name); 1877 continue; 1878 } 1879 /* 1880 * Get a pointer to this configuration's fdt. 1881 */ 1882 if (fit_image_get_data(fit, kfdt_noffset, &kfdt, &size)) { 1883 debug("Failed to get fdt \"%s\".\n", kfdt_name); 1884 continue; 1885 } 1886 1887 len = fdt_compat_len; 1888 cur_fdt_compat = fdt_compat; 1889 /* 1890 * Look for a match for each U-Boot compatibility string in 1891 * turn in this configuration's fdt. 1892 */ 1893 for (i = 0; len > 0 && 1894 (!best_match_offset || best_match_pos > i); i++) { 1895 int cur_len = strlen(cur_fdt_compat) + 1; 1896 1897 if (!fdt_node_check_compatible(kfdt, 0, 1898 cur_fdt_compat)) { 1899 best_match_offset = noffset; 1900 best_match_pos = i; 1901 break; 1902 } 1903 len -= cur_len; 1904 cur_fdt_compat += cur_len; 1905 } 1906 } 1907 if (!best_match_offset) { 1908 debug("No match found.\n"); 1909 return -1; 1910 } 1911 1912 return best_match_offset; 1913 } 1914 1915 /** 1916 * fit_conf_get_node - get node offset for configuration of a given unit name 1917 * @fit: pointer to the FIT format image header 1918 * @conf_uname: configuration node unit name 1919 * 1920 * fit_conf_get_node() finds a configuration (within the '/configurations' 1921 * parent node) of a provided unit name. If configuration is found its node 1922 * offset is returned to the caller. 1923 * 1924 * When NULL is provided in second argument fit_conf_get_node() will search 1925 * for a default configuration node instead. Default configuration node unit 1926 * name is retrieved from FIT_DEFAULT_PROP property of the '/configurations' 1927 * node. 1928 * 1929 * returns: 1930 * configuration node offset when found (>=0) 1931 * negative number on failure (FDT_ERR_* code) 1932 */ 1933 int fit_conf_get_node(const void *fit, const char *conf_uname) 1934 { 1935 int noffset, confs_noffset; 1936 int len; 1937 const char *s; 1938 char *conf_uname_copy = NULL; 1939 1940 confs_noffset = fdt_path_offset(fit, FIT_CONFS_PATH); 1941 if (confs_noffset < 0) { 1942 debug("Can't find configurations parent node '%s' (%s)\n", 1943 FIT_CONFS_PATH, fdt_strerror(confs_noffset)); 1944 return confs_noffset; 1945 } 1946 1947 if (conf_uname == NULL) { 1948 /* get configuration unit name from the default property */ 1949 debug("No configuration specified, trying default...\n"); 1950 conf_uname = (char *)fdt_getprop(fit, confs_noffset, 1951 FIT_DEFAULT_PROP, &len); 1952 if (conf_uname == NULL) { 1953 fit_get_debug(fit, confs_noffset, FIT_DEFAULT_PROP, 1954 len); 1955 return len; 1956 } 1957 debug("Found default configuration: '%s'\n", conf_uname); 1958 } 1959 1960 s = strchr(conf_uname, '#'); 1961 if (s) { 1962 len = s - conf_uname; 1963 conf_uname_copy = malloc(len + 1); 1964 if (!conf_uname_copy) { 1965 debug("Can't allocate uname copy: '%s'\n", 1966 conf_uname); 1967 return -ENOMEM; 1968 } 1969 memcpy(conf_uname_copy, conf_uname, len); 1970 conf_uname_copy[len] = '\0'; 1971 conf_uname = conf_uname_copy; 1972 } 1973 1974 noffset = fdt_subnode_offset(fit, confs_noffset, conf_uname); 1975 if (noffset < 0) { 1976 debug("Can't get node offset for configuration unit name: '%s' (%s)\n", 1977 conf_uname, fdt_strerror(noffset)); 1978 } 1979 1980 if (conf_uname_copy) 1981 free(conf_uname_copy); 1982 1983 return noffset; 1984 } 1985 1986 int fit_conf_get_prop_node_count(const void *fit, int noffset, 1987 const char *prop_name) 1988 { 1989 return fdt_stringlist_count(fit, noffset, prop_name); 1990 } 1991 1992 int fit_conf_get_prop_node_index(const void *fit, int noffset, 1993 const char *prop_name, int index) 1994 { 1995 const char *uname; 1996 int len; 1997 1998 /* get kernel image unit name from configuration kernel property */ 1999 uname = fdt_stringlist_get(fit, noffset, prop_name, index, &len); 2000 if (uname == NULL) 2001 return len; 2002 2003 return fit_image_get_node(fit, uname); 2004 } 2005 2006 int fit_conf_get_prop_node(const void *fit, int noffset, 2007 const char *prop_name) 2008 { 2009 return fit_conf_get_prop_node_index(fit, noffset, prop_name, 0); 2010 } 2011 2012 /** 2013 * fit_conf_print - prints out the FIT configuration details 2014 * @fit: pointer to the FIT format image header 2015 * @noffset: offset of the configuration node 2016 * @p: pointer to prefix string 2017 * 2018 * fit_conf_print() lists all mandatory properties for the processed 2019 * configuration node. 2020 * 2021 * returns: 2022 * no returned results 2023 */ 2024 void fit_conf_print(const void *fit, int noffset, const char *p) 2025 { 2026 char *desc; 2027 const char *uname; 2028 int ret; 2029 int fdt_index, loadables_index; 2030 2031 /* Mandatory properties */ 2032 ret = fit_get_desc(fit, noffset, &desc); 2033 printf("%s Description: ", p); 2034 if (ret) 2035 printf("unavailable\n"); 2036 else 2037 printf("%s\n", desc); 2038 2039 uname = fdt_getprop(fit, noffset, FIT_KERNEL_PROP, NULL); 2040 printf("%s Kernel: ", p); 2041 if (uname == NULL) 2042 printf("unavailable\n"); 2043 else 2044 printf("%s\n", uname); 2045 2046 /* Optional properties */ 2047 uname = fdt_getprop(fit, noffset, FIT_RAMDISK_PROP, NULL); 2048 if (uname) 2049 printf("%s Init Ramdisk: %s\n", p, uname); 2050 2051 uname = fdt_getprop(fit, noffset, FIT_FIRMWARE_PROP, NULL); 2052 if (uname) 2053 printf("%s Firmware: %s\n", p, uname); 2054 2055 for (fdt_index = 0; 2056 uname = fdt_stringlist_get(fit, noffset, FIT_FDT_PROP, 2057 fdt_index, NULL), uname; 2058 fdt_index++) { 2059 2060 if (fdt_index == 0) 2061 printf("%s FDT: ", p); 2062 else 2063 printf("%s ", p); 2064 printf("%s\n", uname); 2065 } 2066 2067 uname = fdt_getprop(fit, noffset, FIT_FPGA_PROP, NULL); 2068 if (uname) 2069 printf("%s FPGA: %s\n", p, uname); 2070 2071 /* Print out all of the specified loadables */ 2072 for (loadables_index = 0; 2073 uname = fdt_stringlist_get(fit, noffset, FIT_LOADABLE_PROP, 2074 loadables_index, NULL), uname; 2075 loadables_index++) { 2076 if (loadables_index == 0) { 2077 printf("%s Loadables: ", p); 2078 } else { 2079 printf("%s ", p); 2080 } 2081 printf("%s\n", uname); 2082 } 2083 } 2084 2085 static int fit_image_select(const void *fit, int rd_noffset, int verify) 2086 { 2087 #ifdef USE_HOSTCC 2088 fit_image_print(fit, rd_noffset, " "); 2089 #else 2090 #if CONFIG_IS_ENABLED(FIT_PRINT) 2091 fit_image_print(fit, rd_noffset, " "); 2092 #endif 2093 #endif 2094 2095 #ifndef USE_HOSTCC 2096 if (smp_event1(SEVT_3, STID_17)) 2097 return 0; 2098 #endif 2099 if (verify) { 2100 puts(" Verifying Hash Integrity ... "); 2101 if (!fit_image_verify(fit, rd_noffset)) { 2102 puts("Bad Data Hash\n"); 2103 return -EACCES; 2104 } 2105 puts("OK\n"); 2106 } 2107 2108 return 0; 2109 } 2110 2111 int fit_get_node_from_config(bootm_headers_t *images, const char *prop_name, 2112 ulong addr) 2113 { 2114 int cfg_noffset; 2115 void *fit_hdr; 2116 int noffset; 2117 2118 debug("* %s: using config '%s' from image at 0x%08lx\n", 2119 prop_name, images->fit_uname_cfg, addr); 2120 2121 /* Check whether configuration has this property defined */ 2122 fit_hdr = map_sysmem(addr, 0); 2123 cfg_noffset = fit_conf_get_node(fit_hdr, images->fit_uname_cfg); 2124 if (cfg_noffset < 0) { 2125 debug("* %s: no such config\n", prop_name); 2126 return -EINVAL; 2127 } 2128 2129 noffset = fit_conf_get_prop_node(fit_hdr, cfg_noffset, prop_name); 2130 if (noffset < 0) { 2131 debug("* %s: no '%s' in config\n", prop_name, prop_name); 2132 return -ENOENT; 2133 } 2134 2135 return noffset; 2136 } 2137 2138 /** 2139 * fit_get_image_type_property() - get property name for IH_TYPE_... 2140 * 2141 * @return the properly name where we expect to find the image in the 2142 * config node 2143 */ 2144 static const char *fit_get_image_type_property(int type) 2145 { 2146 /* 2147 * This is sort-of available in the uimage_type[] table in image.c 2148 * but we don't have access to the short name, and "fdt" is different 2149 * anyway. So let's just keep it here. 2150 */ 2151 switch (type) { 2152 case IH_TYPE_FLATDT: 2153 return FIT_FDT_PROP; 2154 case IH_TYPE_KERNEL: 2155 return FIT_KERNEL_PROP; 2156 case IH_TYPE_RAMDISK: 2157 return FIT_RAMDISK_PROP; 2158 case IH_TYPE_FIRMWARE: 2159 return FIT_FIRMWARE_PROP; 2160 case IH_TYPE_X86_SETUP: 2161 return FIT_SETUP_PROP; 2162 case IH_TYPE_LOADABLE: 2163 return FIT_LOADABLE_PROP; 2164 case IH_TYPE_FPGA: 2165 return FIT_FPGA_PROP; 2166 case IH_TYPE_STANDALONE: 2167 return FIT_STANDALONE_PROP; 2168 } 2169 2170 return "unknown"; 2171 } 2172 2173 #ifndef USE_HOSTCC 2174 __weak int fit_board_verify_required_sigs(void) 2175 { 2176 return 0; 2177 } 2178 #endif 2179 2180 int fit_image_load_index(bootm_headers_t *images, ulong addr, 2181 const char **fit_unamep, const char **fit_uname_configp, 2182 int arch, int image_type, int image_index, int bootstage_id, 2183 enum fit_load_op load_op, ulong *datap, ulong *lenp) 2184 { 2185 int cfg_noffset, noffset; 2186 const char *fit_uname; 2187 const char *fit_uname_config; 2188 const char *fit_base_uname_config; 2189 const void *fit; 2190 const void *buf; 2191 size_t size; 2192 int type_ok, os_ok; 2193 ulong load, data, len; 2194 uint8_t os; 2195 #ifndef USE_HOSTCC 2196 uint8_t os_arch; 2197 #endif 2198 const char *prop_name; 2199 int ret; 2200 2201 fit = map_sysmem(addr, 0); 2202 fit_uname = fit_unamep ? *fit_unamep : NULL; 2203 fit_uname_config = fit_uname_configp ? *fit_uname_configp : NULL; 2204 fit_base_uname_config = NULL; 2205 prop_name = fit_get_image_type_property(image_type); 2206 printf("## Loading %s from FIT Image at %08lx ...\n", prop_name, addr); 2207 2208 bootstage_mark(bootstage_id + BOOTSTAGE_SUB_FORMAT); 2209 if (!fit_check_format(fit)) { 2210 printf("Bad FIT %s image format!\n", prop_name); 2211 bootstage_error(bootstage_id + BOOTSTAGE_SUB_FORMAT); 2212 return -ENOEXEC; 2213 } 2214 bootstage_mark(bootstage_id + BOOTSTAGE_SUB_FORMAT_OK); 2215 if (fit_uname) { 2216 /* get FIT component image node offset */ 2217 bootstage_mark(bootstage_id + BOOTSTAGE_SUB_UNIT_NAME); 2218 noffset = fit_image_get_node(fit, fit_uname); 2219 } else { 2220 /* 2221 * no image node unit name, try to get config 2222 * node first. If config unit node name is NULL 2223 * fit_conf_get_node() will try to find default config node 2224 */ 2225 bootstage_mark(bootstage_id + BOOTSTAGE_SUB_NO_UNIT_NAME); 2226 if (IMAGE_ENABLE_BEST_MATCH && !fit_uname_config) { 2227 cfg_noffset = fit_conf_find_compat(fit, gd_fdt_blob()); 2228 } else { 2229 cfg_noffset = fit_conf_get_node(fit, 2230 fit_uname_config); 2231 } 2232 if (cfg_noffset < 0) { 2233 puts("Could not find configuration node\n"); 2234 bootstage_error(bootstage_id + 2235 BOOTSTAGE_SUB_NO_UNIT_NAME); 2236 return -ENOENT; 2237 } 2238 fit_base_uname_config = fdt_get_name(fit, cfg_noffset, NULL); 2239 printf(" Using '%s' configuration\n", fit_base_uname_config); 2240 if (image_type == IH_TYPE_KERNEL) { 2241 #ifndef USE_HOSTCC 2242 /* If board required sigs, check self */ 2243 if (fit_board_verify_required_sigs() && 2244 !IS_ENABLED(CONFIG_FIT_SIGNATURE)) { 2245 printf("Verified-boot requires CONFIG_FIT_SIGNATURE enabled\n"); 2246 hang(); 2247 } 2248 #endif 2249 /* Remember (and possibly verify) this config */ 2250 images->fit_uname_cfg = fit_base_uname_config; 2251 if (IMAGE_ENABLE_VERIFY) { 2252 puts(" Verifying Hash Integrity ... "); 2253 if (fit_config_verify(fit, cfg_noffset)) { 2254 puts("Bad Data Hash\n"); 2255 bootstage_error(bootstage_id + 2256 BOOTSTAGE_SUB_HASH); 2257 return -EACCES; 2258 } 2259 puts("OK\n"); 2260 2261 #ifdef CONFIG_FIT_ROLLBACK_PROTECT 2262 uint32_t this_index, min_index; 2263 2264 puts(" Verifying Rollback-index ... "); 2265 if (fit_rollback_index_verify(fit, 2266 FIT_ROLLBACK_INDEX, 2267 &this_index, &min_index)) { 2268 puts("Failed to get index\n"); 2269 return ret; 2270 } else if (this_index < min_index) { 2271 printf("Reject index %d < %d(min)\n", 2272 this_index, min_index); 2273 return -EINVAL; 2274 } 2275 2276 printf("%d >= %d(min), OK\n", this_index, min_index); 2277 #endif 2278 } 2279 bootstage_mark(BOOTSTAGE_ID_FIT_CONFIG); 2280 } 2281 2282 noffset = fit_conf_get_prop_node_index(fit, cfg_noffset, 2283 prop_name, image_index); 2284 fit_uname = fit_get_name(fit, noffset, NULL); 2285 } 2286 if (noffset < 0) { 2287 puts("Could not find subimage node\n"); 2288 bootstage_error(bootstage_id + BOOTSTAGE_SUB_SUBNODE); 2289 return -ENOENT; 2290 } 2291 2292 printf(" Trying '%s' %s subimage\n", fit_uname, prop_name); 2293 2294 ret = fit_image_select(fit, noffset, images->verify); 2295 if (ret) { 2296 bootstage_error(bootstage_id + BOOTSTAGE_SUB_HASH); 2297 return ret; 2298 } 2299 2300 bootstage_mark(bootstage_id + BOOTSTAGE_SUB_CHECK_ARCH); 2301 #if !defined(USE_HOSTCC) && !defined(CONFIG_SANDBOX) 2302 if (!fit_image_check_target_arch(fit, noffset)) { 2303 puts("Unsupported Architecture\n"); 2304 bootstage_error(bootstage_id + BOOTSTAGE_SUB_CHECK_ARCH); 2305 return -ENOEXEC; 2306 } 2307 #endif 2308 2309 #ifndef USE_HOSTCC 2310 fit_image_get_arch(fit, noffset, &os_arch); 2311 images->os.arch = os_arch; 2312 #endif 2313 2314 if (image_type == IH_TYPE_FLATDT && 2315 !fit_image_check_comp(fit, noffset, IH_COMP_NONE)) { 2316 puts("FDT image is compressed"); 2317 return -EPROTONOSUPPORT; 2318 } 2319 2320 bootstage_mark(bootstage_id + BOOTSTAGE_SUB_CHECK_ALL); 2321 type_ok = fit_image_check_type(fit, noffset, image_type) || 2322 fit_image_check_type(fit, noffset, IH_TYPE_FIRMWARE) || 2323 (image_type == IH_TYPE_KERNEL && 2324 fit_image_check_type(fit, noffset, IH_TYPE_KERNEL_NOLOAD)); 2325 2326 os_ok = image_type == IH_TYPE_FLATDT || 2327 image_type == IH_TYPE_FPGA || 2328 fit_image_check_os(fit, noffset, IH_OS_LINUX) || 2329 fit_image_check_os(fit, noffset, IH_OS_ARM_TRUSTED_FIRMWARE) || 2330 fit_image_check_os(fit, noffset, IH_OS_OP_TEE) || 2331 fit_image_check_os(fit, noffset, IH_OS_U_BOOT) || 2332 fit_image_check_os(fit, noffset, IH_OS_QNX) || 2333 fit_image_check_os(fit, noffset, IH_OS_OPENRTOS); 2334 2335 /* 2336 * If either of the checks fail, we should report an error, but 2337 * if the image type is coming from the "loadables" field, we 2338 * don't care what it is 2339 */ 2340 if ((!type_ok || !os_ok) && image_type != IH_TYPE_LOADABLE) { 2341 fit_image_get_os(fit, noffset, &os); 2342 printf("No %s %s %s Image\n", 2343 genimg_get_os_name(os), 2344 genimg_get_arch_name(arch), 2345 genimg_get_type_name(image_type)); 2346 bootstage_error(bootstage_id + BOOTSTAGE_SUB_CHECK_ALL); 2347 return -EIO; 2348 } 2349 2350 bootstage_mark(bootstage_id + BOOTSTAGE_SUB_CHECK_ALL_OK); 2351 2352 /* get image data address and length */ 2353 if (fit_image_get_data(fit, noffset, &buf, &size)) { 2354 printf("Could not find %s subimage data!\n", prop_name); 2355 bootstage_error(bootstage_id + BOOTSTAGE_SUB_GET_DATA); 2356 return -ENOENT; 2357 } 2358 2359 #if !defined(USE_HOSTCC) 2360 ret = fit_image_get_load(fit, noffset, &load); 2361 if (ret < 0) 2362 return ret; 2363 2364 #if defined(CONFIG_FIT_CIPHER) 2365 int cipher_noffset = 2366 fdt_subnode_offset(fit, noffset, FIT_CIPHER_NODENAME); 2367 2368 if (cipher_noffset > 0) { 2369 printf(" Decrypting Data ... "); 2370 ret = fit_image_uncipher(fit, noffset, (ulong)buf, size, load); 2371 if (ret) { 2372 printf(" Error: %d\n", ret); 2373 return -EACCES; 2374 } 2375 buf = (void *)load; 2376 printf(" OK\n"); 2377 } 2378 #endif 2379 2380 #if defined(CONFIG_FIT_IMAGE_POST_PROCESS) 2381 /* perform any post-processing on the image data */ 2382 if (board_fit_image_post_process((void *)fit, noffset, 2383 &load, (ulong **)&buf, &size, NULL)) 2384 return -EINVAL; 2385 #endif 2386 #endif 2387 2388 len = (ulong)size; 2389 2390 /* verify that image data is a proper FDT blob */ 2391 if (image_type == IH_TYPE_FLATDT && fdt_check_header(buf)) { 2392 puts("Subimage data is not a FDT"); 2393 return -ENOEXEC; 2394 } 2395 2396 bootstage_mark(bootstage_id + BOOTSTAGE_SUB_GET_DATA_OK); 2397 2398 /* 2399 * Work-around for eldk-4.2 which gives this warning if we try to 2400 * cast in the unmap_sysmem() call: 2401 * warning: initialization discards qualifiers from pointer target type 2402 */ 2403 { 2404 void *vbuf = (void *)buf; 2405 2406 data = map_to_sysmem(vbuf); 2407 } 2408 2409 if (load_op == FIT_LOAD_IGNORED) { 2410 /* Don't load */ 2411 } else if (fit_image_get_load(fit, noffset, &load)) { 2412 if (load_op == FIT_LOAD_REQUIRED) { 2413 printf("Can't get %s subimage load address!\n", 2414 prop_name); 2415 bootstage_error(bootstage_id + BOOTSTAGE_SUB_LOAD); 2416 return -EBADF; 2417 } 2418 } else if (load_op != FIT_LOAD_OPTIONAL_NON_ZERO || load) { 2419 ulong image_start, image_end; 2420 ulong load_end; 2421 void *dst; 2422 2423 /* 2424 * move image data to the load address, 2425 * make sure we don't overwrite initial image 2426 */ 2427 image_start = addr; 2428 image_end = addr + fit_get_size(fit); 2429 2430 load_end = load + len; 2431 if (image_type != IH_TYPE_KERNEL && 2432 load < image_end && load_end > image_start) { 2433 printf("Error: %s overwritten\n", prop_name); 2434 return -EXDEV; 2435 } 2436 2437 printf(" Loading %s from 0x%08lx to 0x%08lx\n", 2438 prop_name, data, load); 2439 2440 dst = map_sysmem(load, len); 2441 memmove(dst, buf, len); 2442 data = load; 2443 } 2444 bootstage_mark(bootstage_id + BOOTSTAGE_SUB_LOAD); 2445 2446 *datap = data; 2447 *lenp = len; 2448 if (fit_unamep) 2449 *fit_unamep = (char *)fit_uname; 2450 if (fit_uname_configp) 2451 *fit_uname_configp = (char *)(fit_uname_config ? : 2452 fit_base_uname_config); 2453 2454 return noffset; 2455 } 2456 2457 int fit_image_load(bootm_headers_t *images, ulong addr, 2458 const char **fit_unamep, const char **fit_uname_configp, 2459 int arch, int image_type, int bootstage_id, 2460 enum fit_load_op load_op, ulong *datap, ulong *lenp) 2461 { 2462 return fit_image_load_index(images, addr,fit_unamep, fit_uname_configp, 2463 arch, image_type, 0, bootstage_id, 2464 load_op, datap, lenp); 2465 } 2466 2467 int boot_get_setup_fit(bootm_headers_t *images, uint8_t arch, 2468 ulong *setup_start, ulong *setup_len) 2469 { 2470 int noffset; 2471 ulong addr; 2472 ulong len; 2473 int ret; 2474 2475 addr = map_to_sysmem(images->fit_hdr_os); 2476 noffset = fit_get_node_from_config(images, FIT_SETUP_PROP, addr); 2477 if (noffset < 0) 2478 return noffset; 2479 2480 ret = fit_image_load(images, addr, NULL, NULL, arch, 2481 IH_TYPE_X86_SETUP, BOOTSTAGE_ID_FIT_SETUP_START, 2482 FIT_LOAD_REQUIRED, setup_start, &len); 2483 2484 return ret; 2485 } 2486 2487 #ifndef USE_HOSTCC 2488 int boot_get_fdt_fit(bootm_headers_t *images, ulong addr, 2489 const char **fit_unamep, const char **fit_uname_configp, 2490 int arch, ulong *datap, ulong *lenp) 2491 { 2492 int fdt_noffset, cfg_noffset, count; 2493 const void *fit; 2494 const char *fit_uname = NULL; 2495 const char *fit_uname_config = NULL; 2496 char *fit_uname_config_copy = NULL; 2497 char *next_config = NULL; 2498 ulong load, len; 2499 #ifdef CONFIG_OF_LIBFDT_OVERLAY 2500 ulong image_start, image_end; 2501 ulong ovload, ovlen; 2502 const char *uconfig; 2503 const char *uname; 2504 void *base, *ov; 2505 int i, err, noffset, ov_noffset; 2506 #endif 2507 2508 fit_uname = fit_unamep ? *fit_unamep : NULL; 2509 2510 if (fit_uname_configp && *fit_uname_configp) { 2511 fit_uname_config_copy = strdup(*fit_uname_configp); 2512 if (!fit_uname_config_copy) 2513 return -ENOMEM; 2514 2515 next_config = strchr(fit_uname_config_copy, '#'); 2516 if (next_config) 2517 *next_config++ = '\0'; 2518 if (next_config - 1 > fit_uname_config_copy) 2519 fit_uname_config = fit_uname_config_copy; 2520 } 2521 2522 fdt_noffset = fit_image_load(images, 2523 addr, &fit_uname, &fit_uname_config, 2524 arch, IH_TYPE_FLATDT, 2525 BOOTSTAGE_ID_FIT_FDT_START, 2526 FIT_LOAD_OPTIONAL, &load, &len); 2527 2528 if (fdt_noffset < 0) 2529 goto out; 2530 2531 debug("fit_uname=%s, fit_uname_config=%s\n", 2532 fit_uname ? fit_uname : "<NULL>", 2533 fit_uname_config ? fit_uname_config : "<NULL>"); 2534 2535 fit = map_sysmem(addr, 0); 2536 2537 cfg_noffset = fit_conf_get_node(fit, fit_uname_config); 2538 2539 /* single blob, or error just return as well */ 2540 count = fit_conf_get_prop_node_count(fit, cfg_noffset, FIT_FDT_PROP); 2541 if (count <= 1 && !next_config) 2542 goto out; 2543 2544 /* we need to apply overlays */ 2545 2546 #ifdef CONFIG_OF_LIBFDT_OVERLAY 2547 image_start = addr; 2548 image_end = addr + fit_get_size(fit); 2549 /* verify that relocation took place by load address not being in fit */ 2550 if (load >= image_start && load < image_end) { 2551 /* check is simplified; fit load checks for overlaps */ 2552 printf("Overlayed FDT requires relocation\n"); 2553 fdt_noffset = -EBADF; 2554 goto out; 2555 } 2556 2557 base = map_sysmem(load, len); 2558 2559 /* apply extra configs in FIT first, followed by args */ 2560 for (i = 1; ; i++) { 2561 if (i < count) { 2562 noffset = fit_conf_get_prop_node_index(fit, cfg_noffset, 2563 FIT_FDT_PROP, i); 2564 uname = fit_get_name(fit, noffset, NULL); 2565 uconfig = NULL; 2566 } else { 2567 if (!next_config) 2568 break; 2569 uconfig = next_config; 2570 next_config = strchr(next_config, '#'); 2571 if (next_config) 2572 *next_config++ = '\0'; 2573 uname = NULL; 2574 } 2575 2576 debug("%d: using uname=%s uconfig=%s\n", i, uname, uconfig); 2577 2578 ov_noffset = fit_image_load(images, 2579 addr, &uname, &uconfig, 2580 arch, IH_TYPE_FLATDT, 2581 BOOTSTAGE_ID_FIT_FDT_START, 2582 FIT_LOAD_REQUIRED, &ovload, &ovlen); 2583 if (ov_noffset < 0) { 2584 printf("load of %s failed\n", uname); 2585 continue; 2586 } 2587 debug("%s loaded at 0x%08lx len=0x%08lx\n", 2588 uname, ovload, ovlen); 2589 ov = map_sysmem(ovload, ovlen); 2590 2591 base = map_sysmem(load, len + ovlen); 2592 err = fdt_open_into(base, base, len + ovlen); 2593 if (err < 0) { 2594 printf("failed on fdt_open_into\n"); 2595 fdt_noffset = err; 2596 goto out; 2597 } 2598 /* the verbose method prints out messages on error */ 2599 err = fdt_overlay_apply_verbose(base, ov); 2600 if (err < 0) { 2601 fdt_noffset = err; 2602 goto out; 2603 } 2604 fdt_pack(base); 2605 len = fdt_totalsize(base); 2606 } 2607 #else 2608 printf("config with overlays but CONFIG_OF_LIBFDT_OVERLAY not set\n"); 2609 fdt_noffset = -EBADF; 2610 #endif 2611 2612 out: 2613 if (datap) 2614 *datap = load; 2615 if (lenp) 2616 *lenp = len; 2617 if (fit_unamep) 2618 *fit_unamep = fit_uname; 2619 if (fit_uname_configp) 2620 *fit_uname_configp = fit_uname_config; 2621 2622 if (fit_uname_config_copy) 2623 free(fit_uname_config_copy); 2624 return fdt_noffset; 2625 } 2626 #endif 2627