Commit Graph

112 Commits

Author SHA1 Message Date
Vesa Jääskeläinen
5b123e0109 lib: rsa: add support to other openssl engine types than pkcs11
There are multiple other openssl engines used by HSMs that can be used to
sign FIT images instead of forcing users to use pkcs11 type of service.

Relax engine selection so that other openssl engines can be specified and
use generic key id definition formula.

Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Cc: Tom Rini <trini@konsulko.com>
2019-07-18 11:31:23 -04:00
Jordan Hand
73c02e5e4f fdt: Fix mkimage list to try every header type
Signed-off-by: Jordan Hand <jorhand@microsoft.com>
Tested-by: Vagrant Cascadian <vagrant@debian.org>
Tested-by: Alex Kiernan <alex.kiernan@gmail.com>
2019-04-11 20:10:50 -06:00
Jordan Hand
d32aa3cae4 fdt: Fix FIT header verification in mkimage and conduct same checks as bootm
FIT header verification in mkimage was treating a return code as a boolean,
which meant that failures in validating the fit were seen as successes.

Additionally, mkimage was checking all formats to find a header which
passes validation, rather than using the image type specified to
mkimage.

checkpatch.pl checks for lines ending with '(' and alignment matching
open parentheses are ignored to keep with existing coding style.

Signed-off-by: Jordan Hand <jorhand@microsoft.com>
2019-03-08 11:31:44 -05:00
Peng Fan
6609c2663c tools: add i.MX8M image support
i.MX8M bootable image type is like i.MX6/7, but there is signed HDMI
firmware image in front of A53 bootable image, which is also has an IVT
header.

Here we also include fit image to generate a bootable image.

Signed-off-by: Peng Fan <peng.fan@nxp.com>
Signed-off-by: Stefano Babic <sbabic@denx.de>
2019-01-01 14:12:18 +01:00
Peng Fan
a2b96ece5b tools: add i.MX8/8X image support
i.MX8/8X bootable image type is container type.
The bootable image, containers a container set which supports two
container. The 1st container is for SECO firmware, the 2nd container
needs to include scfw, m4_0/1 image, ACore images per your requirement.

Signed-off-by: Peng Fan <peng.fan@nxp.com>
2018-10-22 13:01:27 +02:00
Mark Tomlinson
8961c8ad25 tools: mkimage: Ensure munmap unmaps the same length that was mapped
The set_header call in kwbimage.c adds a checksum to the end of the
image in addition to setting up the header. It 'helpfully' updates the
st_size to match the fact that the file is now longer. However, mkimage
uses this length in the munmap call. This can lead to unmapping an extra
page, of perhaps required data. When this happens, a SEGV can occur.

To prevent this from happening, the munmap call now uses the same length
that was passed to mmap. This could also have been fixed by not changing
the length in kwbimage.c, however changing it in the main file means
that other plugins will also not fall for the same trap.

Signed-off-by: Mark Tomlinson <mark.tomlinson@alliedtelesis.co.nz>
Signed-off-by: Chris Packham <judge.packham@gmail.com>
[cp: resolve checkpatch complaints]
Tested-by: Chris Packham <judge.packham@gmail.com>
2018-09-10 21:19:32 -04:00
Alexander Graf
6915dcf359 tools: zynqmpimage: Add bif support
The officially described way to generate boot.bin files for ZynqMP is to
describe the contents of the target binary using a file of the "bif"
format.  This file then links to other files that all get packed into a
bootable image.

This patch adds support to read such a .bif file and generate a respective
ZynqMP boot.bin file that can include the normal image and pmu files, but
also supports image partitions now. This makes it a handy replacement for
the proprietary "bootgen" utility that is currently used to generate
boot.bin files with FSBL.

Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
2018-05-11 09:23:44 +02:00
Tom Rini
83d290c56f SPDX: Convert all of our single license tags to Linux Kernel style
When U-Boot started using SPDX tags we were among the early adopters and
there weren't a lot of other examples to borrow from.  So we picked the
area of the file that usually had a full license text and replaced it
with an appropriate SPDX-License-Identifier: entry.  Since then, the
Linux Kernel has adopted SPDX tags and they place it as the very first
line in a file (except where shebangs are used, then it's second line)
and with slightly different comment styles than us.

In part due to community overlap, in part due to better tag visibility
and in part for other minor reasons, switch over to that style.

This commit changes all instances where we have a single declared
license in the tag as both the before and after are identical in tag
contents.  There's also a few places where I found we did not have a tag
and have introduced one.

Signed-off-by: Tom Rini <trini@konsulko.com>
2018-05-07 09:34:12 -04:00
Alex Kiernan
8c84287a0f tools: mkimage: Check for datafile when type is script
If generating a script image and no datafile has been passed in, mkimage
dies with SIGSEGV:

  #0  __strchr_sse2 () at ../sysdeps/x86_64/multiarch/../strchr.S:32
  #1  0x0000000000403818 in main
      at tools/mkimage.c:503

Add explicit test for datafile to fix this.

Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
2018-04-28 18:32:25 -04:00
Guillaume GARDET
004d00914a mkimage: do not fail if there is no print_header function
Commit 253c60a breaks the exit value of 'mkimage -T rkimage'
and print the following  error:
  mkimage: Can't print header for Rockchip Boot Image support: Success

It is not a failure to not print headers, so just display the warning message,
and finish the function properly.

Signed-off-by: Guillaume GARDET <guillaume.gardet@free.fr>

Cc: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
Cc: Simon Glass <sjg@chromium.org>
Cc: Tom Rini <trini@konsulko.com>
Reviewed-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
2018-04-10 11:52:16 -04:00
Baruch Siach
79aa33cdb3 mkimage: fix display of image types list
Since commit 5b9d44df23 (mkimage: Display a better list of available image
types) mkimage usage text suggest to "use -T to see a list of available image
types". Unfortunately, commit 02221f29deb8 (mkimage: Convert to use getopt())
broke that feature, because getopt() fails when -T has no option argument.

Add a pseudo image type name 'list' that lists all image types. Update the
usage text accordingly.

Cc: Simon Glass <sjg@chromium.org>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
2017-07-06 16:17:16 -04:00
Sven Ebenfeld
b4e923a805 tools: mkimage: fix sizeof_mismatch found by coverity
Reported-by: Coverity (CID: 155214)
Signed-off-by: Sven Ebenfeld <sven.ebenfeld@gmail.com>
2017-01-20 15:38:04 -05:00
George McCollister
f1ca1fdebf mkimage: Add support for signing with pkcs11
Add support for signing with the pkcs11 engine. This allows FIT images
to be signed with keys securely stored on a smartcard, hardware security
module, etc without exposing the keys.

Support for other engines can be added in the future by modifying
rsa_engine_get_pub_key() and rsa_engine_get_priv_key() to construct
correct key_id strings.

Signed-off-by: George McCollister <george.mccollister@gmail.com>
2017-01-14 16:47:13 -05:00
Sven Ebenfeld
d21bd69b6e tools: mkimage: add firmware-ivt image type for HAB verification
When we want to use Secure Boot with HAB from SPL over U-Boot.img,
we need to append the IVT to the image and leave space for the CSF.
Images generated as firmware_ivt can directly be signed using the
Freescale code signing tool. For creation of a CSF, mkimage outputs
the correct HAB Blocks for the image.
The changes to the usual firmware image class are quite small,
that is why I implemented that directly into the default_image.

Cc: sbabic@denx.de

v2-Changes: None

Signed-off-by: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Reviewed-by: George McCollister <george.mccollister@gmail.com>
Tested-by: George McCollister <george.mccollister@gmail.com>
2017-01-02 17:06:57 +01:00
Tomeu Vizoso
0f7c6cdc81 mkimage: Allow including a ramdisk in FIT auto mode
Adds -i option that allows specifying a ramdisk file to be added to the
FIT image when we are using the automatic FIT mode (no ITS file).

This makes adding Depthcharge support to LAVA much more convenient, as
no additional configuration files need to be kept around in the machine
that dispatches jobs to the boards.

Signed-off-by: Tomeu Vizoso <tomeu.vizoso@collabora.com>
Cc: Simon Glass <sjg@chromium.org>
Cc: Matt Hart <matthew.hart@linaro.org>
Cc: Neil Williams <codehelp@debian.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
2016-11-06 07:33:42 -05:00
Simon Glass
0cd82e255f mkimage: Fix missing free() in show_valid_options()
The allocated memory should be freed. Fix it.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Coverity (CID: 150963)
Reviewed-by: Tom Rini <trini@konsulko.com>
2016-10-31 10:13:18 -04:00
Vagrant Cascadian
82bd2f29ea Fix spelling of "occur".
Signed-off-by: Vagrant Cascadian <vagrant@debian.org>
Acked-by: Angelo Dureghello <angelo@sysam.it>
Reviewed-by: Simon Glass <sjg@chromium.org>
2016-10-31 10:13:16 -04:00
Karl Beldan
1b92aed253 mkimage: Fix argument parsing with signature comment
Inform getopt that '-c' requires a parameter.

Fixes: a02221f29d ("mkimage: Convert to use getopt()")
Signed-off-by: Karl Beldan <kbeldan@baylibre.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
2016-08-05 20:55:23 -04:00
Teddy Reed
b6fefa76d0 mkimage: fix missing break for -p switch
Signed-off-by: Teddy Reed <teddy.reed@gmail.com>
Reported-by: Coverity (CID: 150277)
Reviewed-by: Tom Rini <trini@konsulko.com>
2016-07-14 18:22:44 -04:00
Simon Glass
51f03e6a75 mkimage: Show item lists for all categories
Update the error-handling code for -A, -C and -O to show a list of valid
options when an invalid one is provided.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Vinoth Eswaran <evinoth1206@gmail.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
2016-07-14 18:22:31 -04:00
Simon Glass
f24e10500f mkimage: Use generic code for showing an 'image type' error
The existing error code only displays image types which are claimed by a
particular U_BOOT_IMAGE_TYPE() driver. But this does not seem correct. The
mkimage tool should support all image types, so it makes sense to allow
creation of images of any type with the tool.

When an incorrect image type is provided, use generic code to display the
error.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
2016-07-14 18:22:30 -04:00
Simon Glass
3066422512 mkimage: Allow display of a list of any image header category
Add a generic function which can display a list of items in any category.
This will allow displaying of images for the -A, -C, -O and -T flags. At
present only -T is supported.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
2016-07-14 18:22:30 -04:00
Simon Glass
58b2247542 mkimage: Drop blank line before main()
This is not needed. Drop it.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
2016-07-14 18:22:27 -04:00
Simon Glass
63ef31b9ef mkimage: Drop premature setting of params.fit_image_type
There is no need to set params.fit_image_type while parsing the arguments.
It is set up later anyway.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
2016-07-14 18:22:27 -04:00
Simon Glass
e324a92531 mkimage: Require a data file when auto-fit is used
When auto-fit is used, it is not valid to create a FIT without an image
file. Add a check for this to avoid a very confusing error message later
("Can't open (null): Bad address").

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
2016-07-14 18:22:27 -04:00
Simon Glass
3c23c0feac mkimage: Explain the auto-fit imagefile special case
There is a special case in the code when auto-fit is used. Add a comment to
make it easier to understand why this is needed.

Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Joe Hershberger <joe.hershberger@ni.com>
2016-07-14 18:22:26 -04:00
Simon Glass
20deaddd46 mkimage: Honour the default image type with auto-fit
The default image type is supposed to be IH_TYPE_KERNEL, as set in the
'params' variable. Honour this with auto-fit also.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
2016-07-14 18:22:26 -04:00
Teddy Reed
f8f9107d97 mkimage: fit: spl: Add an optional static offset for external data
When building a FIT with external data (-E), U-Boot proper may require
absolute positioning for executing the external firmware. To acheive this
use the (-p) switch, which will replace the amended 'data-offset' with
'data-position' indicating the absolute position of external data.

It is considered an error if the requested absolute position overlaps with the
initial data required for the compact FIT.

Signed-off-by: Teddy Reed <teddy.reed@gmail.com>
2016-06-24 17:23:06 -04:00
Simon Glass
bd6e142094 mkimage: Add a quiet mode
Some build systems want to be quiet unless there is a problem. At present
mkimage displays quite a bit of information when generating a FIT file. Add
a '-q' flag to silence this.

Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Joe Hershberger <joe.hershberger@ni.com>
2016-05-23 11:50:19 -04:00
Andreas Bießmann
8edeac86db mkimage: fix generation of FIT image
Commit 7a439cadcf broke generation of SPL
loadable FIT images (CONFIG_SPL_LOAD_FIT).
Fix it by removing the unnecessary storage of expected image type. This was a
left over of the previous implementation. It is not longer necessary since the
mkimage -b switch always has one parameter.

Tested-by: Lokesh Vutla <lokeshvutla@ti.com>
Signed-off-by: Andreas Bießmann <andreas@biessmann.org>
2016-05-03 11:28:18 -04:00
Andreas Bießmann
7a439cadcf mkimage: fix argument parsing on BSD systems
The getopt(3) optstring '-' is a GNU extension which is not available on BSD
systems like OS X.

Remove this dependency by implementing argument parsing in another way. This
will also change the lately introduced '-b' switch behaviour.

Signed-off-by: Andreas Bießmann <andreas.devel@googlemail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2016-05-02 18:37:09 -04:00
Simon Glass
722ebc8f84 mkimage: Support placing data outside the FIT
One limitation of FIT is that all the data is 'inline' within it, using a
'data' property in each image node. This means that to find out what is in
the FIT it is necessary to scan the entire file. Once loaded it can be
scanned and then the images can be copied to the correct place in memory.

In SPL it can take a significant amount of time to copy images around in
memory. Also loading data that does not end up being used is wasteful. It
would be useful if the FIT were small, acting as a directory, with the
actual data stored elsewhere.

This allows SPL to load the entire FIT, without the images, then load the
images it wants later.

Add a -E option to mkimage to request that it output an 'external' FIT.

Signed-off-by: Simon Glass <sjg@chromium.org>
2016-03-14 19:18:29 -04:00
Simon Glass
fb4cce0f98 mkimage: Support adding device tree files to a FIT
To make the auto-FIT feature useful we need to be able to provide a list of
device tree files on the command line for mkimage to add into the FIT. Add
support for this feature.

So far there is no support for hashing or verified boot using this method.
For those cases, a .its file must still be provided.

Signed-off-by: Simon Glass <sjg@chromium.org>
2016-03-14 19:18:29 -04:00
Simon Glass
8e35bb07eb mkimage: Support automatic creating of a FIT without a .its
At present, when generating a FIT, mkimage requires a .its file containing
the structure of the FIT and referring to the images to be included.

Creating the .its file is a separate step that makes it harder to use FIT.
This is not required for creating legacy images.

Often the FIT is pretty standard, consisting of an OS image, some device
tree files and a single configuration. We can handle this case automatically
and avoid needing a .its file at all.

To start with, support automatically generate the FIT using a new '-f auto'
option. Initially this only supports adding a single image (e.g. a linux
kernel) and a single configuration.

Signed-off-by: Simon Glass <sjg@chromium.org>
2016-03-14 19:18:28 -04:00
Simon Glass
d505a09c1e mkimage: Allow a FIT to include an image of any type
At present FIT images are set up by providing a device tree source file
which is a file with a .its extension. We want to support automatically
creating this file based on the image supplied to mkimage. This means that
even though the final file type is always IH_TYPE_FLATDT, the image inside
may be something else.

Signed-off-by: Simon Glass <sjg@chromium.org>
2016-03-14 19:18:27 -04:00
Simon Glass
cc7a64447b mkimage: Make 'params' static
This is not used outside mkimage.c, so make this variable static.

Signed-off-by: Simon Glass <sjg@chromium.org>
2016-03-14 14:19:11 -04:00
Simon Glass
1531034831 mkimage: Show an error message when usage() is called
Sometimes incorrect arguments are supplied but the reason is not obvious to
the user. Add some helpful messages.

Signed-off-by: Simon Glass <sjg@chromium.org>
2016-03-14 14:19:11 -04:00
Simon Glass
b0a487a4eb mkimage: Move usage() up to the top
To avoid a forward declaration, move the usage() function higher in the
file.

Signed-off-by: Simon Glass <sjg@chromium.org>
2016-03-14 14:19:11 -04:00
Simon Glass
0745008145 mkimage: Sort the option processing code by option
Adjust the code so that option alphabetical order matches the order in the
switch() statement. This makes it easier to find options.

Signed-off-by: Simon Glass <sjg@chromium.org>
2016-03-14 14:19:10 -04:00
Simon Glass
a02221f29d mkimage: Convert to use getopt()
The current way of parsing arguments is a bit clumsy. It seems better to
use getopt() which is commonly used for this purpose.

Convert the code to use getopt() and make a few minor adjustments as needed.

Signed-off-by: Simon Glass <sjg@chromium.org>
2016-03-14 14:19:07 -04:00
Simon Glass
0b443dee6b mkimage: Move argument processing into its own function
At present main() is very long. Split out the argument processing to make
it easier to follow.

Signed-off-by: Simon Glass <sjg@chromium.org>
2016-03-14 14:19:01 -04:00
William Cohen
c190fbd010 Gracefully handle 64-bit signed-extended 32-bit Load addresses
To follow the MIPS 32-bit and 64-bit memory map conventions (*) recent
MIPS Linux kernels are using a 64-bit sign extended value
(0xffffffff80010000) for the 32-bit load address (0x80010000) of the
Creator CI20 board kernel.  When this 64-bit argument was passed to
mkimage running on a 32-bit machine such as the Creator CI20 board the
load address was incorrectly formed from the upper 32-bit sign-extend
bits (0xffffffff) by the strtoul instead of from the lower 32-bits
(0x80010000).  The mkimage should be able to tolerate the longer
sign-extended 64-bit version of the 32-bit arguments with the use of
strtoull.  Use of the strtoll in place of the strtol in mkimage.c
resolves the issue of self hosted kernel builds for the Creator CI20
board (+) and (++).

(*) http://techpubs.sgi.com/library/dynaweb_docs/0620/SGI_Developer/books/DevDriver_PG/sgi_html/ch01.html
(+) https://github.com/MIPS/CI20_linux/issues/23
(++) https://github.com/MIPS/CI20_linux/issues/22

Signed-off-by: William Cohen <wcohen@redhat.com>
2016-02-24 18:43:58 -05:00
Marek Vasut
3463314125 mkimage: Fix warning from fix for generating multi and script images again
Seems 6ae6e160 broke creating images in certain cases, there
are two problems with that patch.

First is that the expression "!x == 4 || !x == 6" is ambiguous.  The
intention here was "!(x == 4) || !(x == 6)" based on reading further in
the file, where this was borrowed from.  This however is interpreted by
gcc as "(!x) == 4 || (!x) == 6" and always false.  gcc-5.x will warn
about this case.

The second problem is that we do not want to test for the case of "(NOT x
is 4) OR (NOT x is 6)" but instead "(x is not equal to 4) AND (x is not
equal to 6)".  This is because in those two cases we already execute the
code question in another part of the file.  Rewrite the expression and
add parenthesis for clarity.

Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Tom Rini <trini@konsulko.com>
Cc: Philippe De Swert <philippedeswert@gmail.com>
Cc: Simon Glass <sjg@chromium.org>
[trini: Re-word Marek's explanation]
2015-12-07 13:28:09 -05:00
Philippe De Swert
6ae6e16005 mkimage : Fix generating multi and script images
Seems 92a655c3 broke creating multi and script type images.
Since the file1:file2:file3 string does not get split up,
it fails on trying to open an non-existing file.

mkimage -A arm -O linux -T multi -C none -d zImage:splash.bmp:device.dtb uimage
tools/mkimage: Can't open zImage:splash.bmp:device.dtb: No such file or directory

Since the sizes of the different parts seem to get added in the actual
routine that handles multi and script type images, we can probably skip the
bit of the code that causes the failure for that type of images.

Signed-off-by: Philippe De Swert <philippedeswert@gmail.com>
2015-12-05 18:22:35 -05:00
Tom Rini
354973076a tools/mkimage.c: Clarify help text for -D slightly
Try and make it clear that -D will replace all arguments passed to dtc
and is not appending them.

Signed-off-by: Tom Rini <trini@konsulko.com>
2015-10-11 17:12:11 -04:00
Simon Glass
424b86ae59 mkimage: Allow padding to any length
At present there is an arbitrary limit of 4KB for padding. Rockchip needs
more than that, so remove this restriction.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Joe Hershberger <joe.hershberger@ni.com>
2015-09-02 21:28:23 -06:00
Simon Glass
92a655c326 mkimage: Set up a file size parameter and keep it updated
Some functions called by mkimage would like to know the output file size.
Initially this is the same as the input file size, but it may be affected by
adding headers, etc.

Add this information to the image parameters.

Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Joe Hershberger <joe.hershberger@ni.com>
2015-07-21 17:39:29 -06:00
Simon Glass
5b9d44df23 mkimage: Display a better list of available image types
Offer to display the available image types in help. Also, rather than
hacking the genimg_get_type_id() function to display a list of types,
do this in the tool. Also, sort the list.

The list of image types is quite long, and hard to discover. Print it out
when we show help information.

Signed-off-by: Simon Glass <sjg@chromium.org>
2015-07-21 17:39:20 -06:00
Guilherme Maciel Ferreira
f41f5b7c05 dumpimage: add 'T' option to explicitly set the image type
Some image types, like "KeyStone GP", do not have magic numbers to
distinguish them from other image types. Thus, the automatic image
type discovery does not work correctly.

This patch also fix some integer type mismatches.

Signed-off-by: Guilherme Maciel Ferreira <guilherme.maciel.ferreira@gmail.com>
2015-01-29 13:38:41 -05:00
Guilherme Maciel Ferreira
a93648d197 imagetool: replace image registration function by linker_lists feature
The registration was introduced in commit f86ed6a8d5

This commit also removes all registration functions, and the member "next"
from image_type_params struct

Signed-off-by: Guilherme Maciel Ferreira <guilherme.maciel.ferreira@gmail.com>
2015-01-29 13:38:41 -05:00