Commit Graph

24 Commits

Author SHA1 Message Date
George McCollister
f1ca1fdebf mkimage: Add support for signing with pkcs11
Add support for signing with the pkcs11 engine. This allows FIT images
to be signed with keys securely stored on a smartcard, hardware security
module, etc without exposing the keys.

Support for other engines can be added in the future by modifying
rsa_engine_get_pub_key() and rsa_engine_get_priv_key() to construct
correct key_id strings.

Signed-off-by: George McCollister <george.mccollister@gmail.com>
2017-01-14 16:47:13 -05:00
Tomeu Vizoso
0f7c6cdc81 mkimage: Allow including a ramdisk in FIT auto mode
Adds -i option that allows specifying a ramdisk file to be added to the
FIT image when we are using the automatic FIT mode (no ITS file).

This makes adding Depthcharge support to LAVA much more convenient, as
no additional configuration files need to be kept around in the machine
that dispatches jobs to the boards.

Signed-off-by: Tomeu Vizoso <tomeu.vizoso@collabora.com>
Cc: Simon Glass <sjg@chromium.org>
Cc: Matt Hart <matthew.hart@linaro.org>
Cc: Neil Williams <codehelp@debian.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
2016-11-06 07:33:42 -05:00
Vagrant Cascadian
5847084f6b Respect SOURCE_DATE_EPOCH when building FIT images.
Embedding timestamps in FIT images results in unreproducible builds
for targets that generate a fit image, such as dra7xx_evm.

This patch uses the SOURCE_DATE_EPOCH environment variable, when set,
to use specified value for the date.

Thanks to HW42 for debugging the issue and providing the patch:

  https://lists.alioth.debian.org/pipermail/reproducible-builds/Week-of-Mon-20160606/005722.html

For more information about reproducible builds and the
SOURCE_DATE_EPOCH specification:

  https://reproducible-builds.org/specs/source-date-epoch/
  https://reproducible-builds.org/

Signed-off-by: Vagrant Cascadian <vagrant@debian.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
2016-06-24 17:23:10 -04:00
Teddy Reed
f8f9107d97 mkimage: fit: spl: Add an optional static offset for external data
When building a FIT with external data (-E), U-Boot proper may require
absolute positioning for executing the external firmware. To acheive this
use the (-p) switch, which will replace the amended 'data-offset' with
'data-position' indicating the absolute position of external data.

It is considered an error if the requested absolute position overlaps with the
initial data required for the compact FIT.

Signed-off-by: Teddy Reed <teddy.reed@gmail.com>
2016-06-24 17:23:06 -04:00
Simon Glass
bd6e142094 mkimage: Add a quiet mode
Some build systems want to be quiet unless there is a problem. At present
mkimage displays quite a bit of information when generating a FIT file. Add
a '-q' flag to silence this.

Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Joe Hershberger <joe.hershberger@ni.com>
2016-05-23 11:50:19 -04:00
Simon Glass
722ebc8f84 mkimage: Support placing data outside the FIT
One limitation of FIT is that all the data is 'inline' within it, using a
'data' property in each image node. This means that to find out what is in
the FIT it is necessary to scan the entire file. Once loaded it can be
scanned and then the images can be copied to the correct place in memory.

In SPL it can take a significant amount of time to copy images around in
memory. Also loading data that does not end up being used is wasteful. It
would be useful if the FIT were small, acting as a directory, with the
actual data stored elsewhere.

This allows SPL to load the entire FIT, without the images, then load the
images it wants later.

Add a -E option to mkimage to request that it output an 'external' FIT.

Signed-off-by: Simon Glass <sjg@chromium.org>
2016-03-14 19:18:29 -04:00
Simon Glass
fb4cce0f98 mkimage: Support adding device tree files to a FIT
To make the auto-FIT feature useful we need to be able to provide a list of
device tree files on the command line for mkimage to add into the FIT. Add
support for this feature.

So far there is no support for hashing or verified boot using this method.
For those cases, a .its file must still be provided.

Signed-off-by: Simon Glass <sjg@chromium.org>
2016-03-14 19:18:29 -04:00
Simon Glass
8e35bb07eb mkimage: Support automatic creating of a FIT without a .its
At present, when generating a FIT, mkimage requires a .its file containing
the structure of the FIT and referring to the images to be included.

Creating the .its file is a separate step that makes it harder to use FIT.
This is not required for creating legacy images.

Often the FIT is pretty standard, consisting of an OS image, some device
tree files and a single configuration. We can handle this case automatically
and avoid needing a .its file at all.

To start with, support automatically generate the FIT using a new '-f auto'
option. Initially this only supports adding a single image (e.g. a linux
kernel) and a single configuration.

Signed-off-by: Simon Glass <sjg@chromium.org>
2016-03-14 19:18:28 -04:00
Simon Glass
3837ce65bd tools: Add a function to obtain the size of a file
This will be used in mkimage when working out the required size of the FIT
based on the files to be placed into it.

Signed-off-by: Simon Glass <sjg@chromium.org>
2016-03-14 19:18:27 -04:00
Simon Glass
d505a09c1e mkimage: Allow a FIT to include an image of any type
At present FIT images are set up by providing a device tree source file
which is a file with a .its extension. We want to support automatically
creating this file based on the image supplied to mkimage. This means that
even though the final file type is always IH_TYPE_FLATDT, the image inside
may be something else.

Signed-off-by: Simon Glass <sjg@chromium.org>
2016-03-14 19:18:27 -04:00
Simon Glass
1b99e5bbb6 mkimage: Allow the original file size to be recorded
Allow the image handler to store the original input file size so that it
can reference it later.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Joe Hershberger <joe.hershberger@ni.com>
2015-09-02 21:28:23 -06:00
Simon Glass
92a655c326 mkimage: Set up a file size parameter and keep it updated
Some functions called by mkimage would like to know the output file size.
Initially this is the same as the input file size, but it may be affected by
adding headers, etc.

Add this information to the image parameters.

Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Joe Hershberger <joe.hershberger@ni.com>
2015-07-21 17:39:29 -06:00
Jörg Krause
26e355d131 Fix musl build
This patch fixes cross-compiling U-Boot tools with the musl C library:
  * including <sys/types.h> is needed for ulong
  * defining _GNU_SOURCE is needed for loff_t

Tested for target at91sam9261ek_dataflash_cs3.

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Cc: Tom Rini <trini@konsulko.com>
2015-05-08 17:24:17 -04:00
Andreas Bießmann
1fddd7b63c tools/imagetool: remove linker script
Commit a93648d197 introduced linker generated
lists for imagetool which is the base for some host tools (mkimage, dumpimage,
et al.).  Unfortunately some host tool chains do not support the used type of
linker scripts. Therefore this commit broke these host-tools for them, namely
FreeBSD and Darwin (OS/X).

This commit tries to fix this. In order to have a clean distinction between host
and embedded code space we need to introduce our own linker generated list
instead of re-using the available linker_lists.h provided functionality.  So we
copy the implementation used in linux kernel script/mod/file2alias.c which has
the very same problem (cause it is a host tool). This code also comes with an
abstraction for Mach-O binary format used in Darwin systems.

Signed-off-by: Andreas Bießmann <andreas.devel@googlemail.com>
Cc: Guilherme Maciel Ferreira <guilherme.maciel.ferreira@gmail.com>
2015-02-16 12:41:41 -05:00
Guilherme Maciel Ferreira
67f946cd18 dumpimage: replace the term "datafile" by "subimage"
Signed-off-by: Guilherme Maciel Ferreira <guilherme.maciel.ferreira@gmail.com>
2015-01-29 13:38:41 -05:00
Guilherme Maciel Ferreira
a93648d197 imagetool: replace image registration function by linker_lists feature
The registration was introduced in commit f86ed6a8d5

This commit also removes all registration functions, and the member "next"
from image_type_params struct

Signed-off-by: Guilherme Maciel Ferreira <guilherme.maciel.ferreira@gmail.com>
2015-01-29 13:38:41 -05:00
Guilherme Maciel Ferreira
067d156075 imagetool: make the image_save_datafile() available to all image types
Move the image_save_datafile() function from an U-Multi specific file
(default_image.c) to a file common to all image types (image.c). And rename it
to genimg_save_datafile(), to make clear it is useful for any image type.

Signed-off-by: Guilherme Maciel Ferreira <guilherme.maciel.ferreira@gmail.com>
2015-01-29 13:38:41 -05:00
Guilherme Maciel Ferreira
0ca6691c2e imagetool: move common code to imagetool module
The get_type() and verify_print_header() functions have the
same code on both dumpimage.c and mkimage.c modules.

Signed-off-by: Guilherme Maciel Ferreira <guilherme.maciel.ferreira@gmail.com>
2015-01-29 13:38:41 -05:00
Charles Manning
832472a94d tools: socfpga: Add socfpga preloader signing to mkimage
Like many platforms, the Altera socfpga platform requires that the
preloader be "signed" in a certain way or the built-in boot ROM will
not boot the code.

This change automatically creates an appropriately signed preloader
from an SPL image.

The signed image includes a CRC which must, of course, be generated
with a CRC generator that the SoCFPGA boot ROM agrees with otherwise
the boot ROM will reject the image.

Unfortunately the CRC used in this boot ROM is not the same as the
Adler CRC in lib/crc32.c. Indeed the Adler code is not technically a
CRC but is more correctly described as a checksum.

Thus, the appropriate CRC generator is added to lib/ as crc32_alt.c.

Signed-off-by: Charles Manning <cdhmanning@gmail.com>
Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Chin Liang See <clsee@altera.com>
Cc: Dinh Nguyen <dinguyen@altera.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Tom Rini <trini@ti.com>
Cc: Wolfgang Denk <wd@denx.de>
Cc: Pavel Machek <pavel@denx.de>
Acked-by: Pavel Machek <pavel@denx.de>

V2: - Zap unused constant
    - Explicitly print an error message in case of error
    - Rework the hdr_checksum() function to take the *header directly
      instead of a plan buffer pointer
2014-10-06 17:38:17 +02:00
Jeroen Hofstee
2b9912e6a7 includes: move openssl headers to include/u-boot
commit 18b06652cd "tools: include u-boot version of sha256.h"
unconditionally forced the sha256.h from u-boot to be used
for tools instead of the host version. This is fragile though
as it will also include the host version. Therefore move it
to include/u-boot to join u-boot/md5.h etc which were renamed
for the same reason.

cc: Simon Glass <sjg@chromium.org>
Signed-off-by: Jeroen Hofstee <jeroen@myspectrum.nl>
2014-06-19 11:19:04 -04:00
Andreas Bießmann
7b1a411743 mkimage: add atmelimage
The new atmelimage converts a machine code BLOB to bootable ROM image. Atmel
ROM has no sophisticated image format, it only checks the first 7 ARM vectors.
The vectors can contain valid B or LDR opcodes, the 6'th vector contains the
image size to load.

Additionally the PMECC header can be written by the atmelimage target. The
parameters must be given via the -n switch as a coma separated list. For
example:

mkimage -T atmelimage \
 -n usePmecc=1,sectorPerPage=4,sectorSize=512,spareSize=64,eccBits=4,eccOffset=36 \
 -d spl/u-boot-spl.bin boot.bin

A provided image can be checked for correct header setup. It prints out the
PMECC header parameters if it has one and the 6'th interrupt vector content.

---8<---
Image Type:	ATMEL ROM-Boot Image with PMECC Header
		PMECC header
		====================
		eccOffset:        36
		sectorSize:      512
		eccBitReq:         4
		spareSize:        64
		nbSectorPerPage:   4
		usePmecc:          1
		====================
		6'th vector has 17044 set
--->8---

A SPL binary modified with the atmelimage mkimage target was succesfully
booted on a sama5d34ek via MMC and NAND.

Signed-off-by: Andreas Bießmann <andreas.devel@googlemail.com>
Cc: Bo Shen <voice.shen@atmel.com>
Cc: Heiko Schocher <hs@denx.de>
Tested-by: Bo Shen <voice.shen@atmel.com>
2014-05-27 00:10:48 +02:00
Karicheri, Muralidharan
bf411ea9f1 tools: mkimage: add support for gpimage format
This patch add support for gpimage format as a preparatory
patch for porting u-boot for keystone2 devices and is
based on omapimage format. It re-uses gph header to store the
size and loadaddr as done in omapimage.c

Signed-off-by: Vitaly Andrianov <vitalya@ti.com>
Signed-off-by: Murali Karicheri <m-karicheri2@ti.com>
Acked-by: Tom Rini <trini@ti.com>
2014-04-17 17:24:38 -04:00
Guilherme Maciel Ferreira
a804b5ce2d Add dumpimage, a tool to extract data from U-Boot images
Given a multi-file image created through the mkimage's -d option:

  $ mkimage -A x86 -O linux -T multi -n x86 -d vmlinuz:initrd.img:System.map \
  multi.img

  Image Name:   x86
  Created:      Thu Jul 25 10:29:13 2013
  Image Type:   Intel x86 Linux Multi-File Image (gzip compressed)
  Data Size:    13722956 Bytes = 13401.32 kB = 13.09 MB
  Load Address: 00000000
  Entry Point:  00000000
  Contents:
     Image 0: 4040128 Bytes = 3945.44 kB = 3.85 MB
     Image 1: 7991719 Bytes = 7804.41 kB = 7.62 MB
     Image 2: 1691092 Bytes = 1651.46 kB = 1.61 MB

It is possible to perform the innverse operation -- extracting any file from
the image -- by using the dumpimage's -i option:

  $ dumpimage -i multi.img -p 2 System.map

Although it's feasible to retrieve "data files" from image through scripting,
the requirement to embed tools such 'dd', 'awk' and 'sed' for this sole purpose
is cumbersome and unreliable -- once you must keep track of file sizes inside
the image. Furthermore, extracting data files using "dumpimage" tool is faster
than through scripting.

Signed-off-by: Guilherme Maciel Ferreira <guilherme.maciel.ferreira@gmail.com>
Signed-off-by: Simon Glass <sjg@chromium.org>
2013-12-13 09:15:32 -05:00
Guilherme Maciel Ferreira
f86ed6a8d5 tools: moved code common to all image tools to a separated module.
In order to avoid duplicating code and keep only one point of modification,
the functions, structs and defines useful for "dumpimage" were moved from
"mkimage" to a common module called "imagetool".

This modification also weakens the coupling between image types (FIT, IMX, MXS,
and so on) and image tools (mkimage and dumpimage). Any tool may initialize the
"imagetool" through register_image_tool() function, while the image types
register themselves within an image tool using the register_image_type()
function:

                                                      +---------------+
                                               +------|   fit_image   |
 +--------------+          +-----------+       |      +---------------+
 |    mkimage   |--------> |           | <-----+
 +--------------+          |           |              +---------------+
                           | imagetool | <------------|    imximage   |
 +--------------+          |           |              +---------------+
 |  dumpimage   |--------> |           | <-----+
 +--------------+          +-----------+       |      +---------------+
                                               +------| default_image |
                                                      +---------------+

          register_image_tool()           register_image_type()

Also, the struct "mkimage_params" was renamed to "image_tool_params" to make
clear its general purpose.

Signed-off-by: Guilherme Maciel Ferreira <guilherme.maciel.ferreira@gmail.com>
Signed-off-by: Simon Glass <sjg@chromium.org>
2013-12-13 09:15:32 -05:00