Commit Graph

177 Commits

Author SHA1 Message Date
Nathan Rossi
66eef1e780 tools: zynqimage: Add Xilinx Zynq boot header generation to mkimage
As with other platforms vendors love to create their own boot header
formats. Xilinx is no different and for the Zynq platform/SoC there
exists the "boot.bin" which is read by the platforms bootrom. This
format is described to a useful extent within the Xilinx Zynq TRM.

This implementation adds support for the 'zynqimage' to mkimage. The
implementation only considers the most common boot header which is
un-encrypted and packed directly after the boot header itself (no
XIP, etc.). However this implementation does take into consideration the
other fields of the header for image dumping use cases (vector table and
register initialization).

Signed-off-by: Nathan Rossi <nathan@nathanrossi.com>
Cc: Michal Simek <michal.simek@xilinx.com>
Cc: Tom Rini <trini@konsulko.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
2015-11-19 13:09:21 +01:00
Julius Werner
027b728d4a Add support for LZ4 decompression algorithm
This patch adds support for LZ4-compressed FIT image contents. This
algorithm has a slightly worse compression ration than LZO while being
nearly twice as fast to decompress. When loading images from a fast
storage medium this usually results in a boot time win.

Sandbox-tested only since I don't have a U-Boot development system set
up right now. The code was imported unchanged from coreboot where it's
proven to work, though. I'm mostly interested in getting this recognized
by mkImage for use in a downstream project.

Signed-off-by: Julius Werner <jwerner@chromium.org>
Acked-by: Simon Glass <sjg@chromium.org>
2015-10-11 17:12:10 -04:00
Simon Glass
10b84fe1b5 rockchip: Add support for the SPI image
The Rockchip boot ROM requires a particular file format for booting from SPI.
It consists of a 512-byte header encoded with RC4, some padding and then up
to 32KB of executable code in 2KB blocks, separated by 2KB empty blocks.

Add support to mkimage so that an SPL image (u-boot-spl-dtb.bin) can be
converted to this format. This allows booting from SPI flash on supported
machines.

Signed-off-by: Simon Glass <sjg@chromium.org>
2015-09-02 21:28:23 -06:00
Simon Glass
f9a3c278b9 rockchip: Add support for the SD image
The Rockchip boot ROM requires a particular file format. It consists of
64KB of zeroes, a 512-byte header encoded with RC4, and then some executable
code.

Add support to mkimage so that an SPL image (u-boot-spl-dtb.bin) can be
converted to this format.

Signed-off-by: Simon Glass <sjg@chromium.org>
2015-09-02 21:28:23 -06:00
Simon Glass
a131c1f442 rockchip: Add the rkimage format to mkimage
Rockchip SoCs require certain formats for code that they execute, The
simplest format is a 4-byte header at the start of a binary file. Add
support for this so that we can create images that the boot ROM understands.

Signed-off-by: Simon Glass <sjg@chromium.org>
2015-09-02 21:28:23 -06:00
Simon Glass
5b9d44df23 mkimage: Display a better list of available image types
Offer to display the available image types in help. Also, rather than
hacking the genimg_get_type_id() function to display a list of types,
do this in the tool. Also, sort the list.

The list of image types is quite long, and hard to discover. Print it out
when we show help information.

Signed-off-by: Simon Glass <sjg@chromium.org>
2015-07-21 17:39:20 -06:00
Karl Apsite
84a07dbfd8 add boot_get_loadables() to load listed images
Added a trimmed down instance of boot_get_<thing>() to satisfy the
minimum requierments of the added feature.  The function follows the
normal patterns set by other boot_get<thing>'s, which should make it a
bit easier to combine them all together into one boot_get_image()
function in a later refactor.

Documentation for the new function can be found in source:
  include/image.h

Signed-off-by: Karl Apsite <Karl.Apsite@dornerworks.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2015-05-28 08:18:20 -04:00
Karl Apsite
ecf8cd6535 mkimage will now report information about loadable
Added FIT_LOADABLE_PROP, so the user can identify an optional entry
named "loadables" in their .its configuration. "loadables" is a comma
separated list in the .its

Documentation can be found in doc/uImage.FIT/source_file_format.txt and
                              doc/uImage.Fit/multi-with-loadables.its

Signed-off-by: Karl Apsite <Karl.Apsite@dornerworks.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2015-05-28 08:18:20 -04:00
Jörg Krause
26e355d131 Fix musl build
This patch fixes cross-compiling U-Boot tools with the musl C library:
  * including <sys/types.h> is needed for ulong
  * defining _GNU_SOURCE is needed for loff_t

Tested for target at91sam9261ek_dataflash_cs3.

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Cc: Tom Rini <trini@konsulko.com>
2015-05-08 17:24:17 -04:00
Albert ARIBAUD \(3ADEV\)
39f520bb62 lpc32xx: add lpc32xx-spl.bin boot image target
Signed-off-by: Albert ARIBAUD (3ADEV) <albert.aribaud@3adev.fr>
2015-04-10 14:23:26 +02:00
Tom Rini
8e3da9dd11 Merge branch 'master' of git://git.denx.de/u-boot-dm 2015-01-30 09:24:42 -05:00
Ruchika Gupta
b37b46f042 rsa: Use checksum algorithms from struct hash_algo
Currently the hash functions used in RSA are called directly from the sha1
and sha256 libraries. Change the RSA checksum library to use the progressive
hash API's registered with struct hash_algo. This will allow the checksum
library to use the hardware accelerated progressive hash API's once available.

Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com>
CC: Simon Glass <sjg@chromium.org>
Acked-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Simon Glass <sjg@chromium.org>
(Fixed build error in am335x_boneblack_vboot due to duplicate CONFIG_DM)

Change-Id: Ic44279432f88d4e8594c6e94feb1cfcae2443a54
2015-01-29 17:09:59 -07:00
Guilherme Maciel Ferreira
39931f966a dumpimage: fit: extract FIT images
The dumpimage is able to extract components contained in a FIT image:

  $ ./dumpimage -T flat_dt -i CONTAINER.ITB -p INDEX FILE

The CONTAINER.ITB is a regular FIT container file. The INDEX is the poisition
of the sub-image to be retrieved, and FILE is the file (path+name) to save the
extracted sub-image.

For example, given the following kernel.its to build a kernel.itb:

  /dts-v1/;
  / {
      ...
      images {
        kernel@1 {
          description = "Kernel 2.6.32-34";
          data = /incbin/("/boot/vmlinuz-2.6.32-34-generic");
          type = "kernel";
          arch = "ppc";
          os = "linux";
          compression = "gzip";
          load = <00000000>;
          entry = <00000000>;
          hash@1 {
            algo = "md5";
          };
        };
        ...
      };
      ...
    };

The dumpimage can extract the 'kernel@1' node through the following command:

  $ ./dumpimage -T flat_dt -i kernel.itb -p 0 kernel
  Extracted:
   Image 0 (kernel@1)
    Description:  Kernel 2.6.32-34
    Created:      Wed Oct 22 15:50:26 2014
    Type:         Kernel Image
    Compression:  gzip compressed
    Data Size:    4040128 Bytes = 3945.44 kB = 3.85 MB
    Architecture: PowerPC
    OS:           Linux
    Load Address: 0x00000000
    Entry Point:  0x00000000
    Hash algo:    md5
    Hash value:   22352ad39bdc03e2e50f9cc28c1c3652

Which results in the file 'kernel' being exactly the same as '/boot/vmlinuz-2.6.32-34-generic'.

Signed-off-by: Guilherme Maciel Ferreira <guilherme.maciel.ferreira@gmail.com>
2015-01-29 13:38:41 -05:00
Marek Vasut
67ddd955fc image: bootm: Add OpenRTOS image type
Add separate image type for the Wittenstein OpenRTOS .

Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Simon Glass <sjg@chromium.org>
Cc: Tom Rini <trini@ti.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2015-01-14 11:37:39 -05:00
Simon Glass
c654b5172a fdt: Add ft_system_setup() function for system device tree additions
Add an additional function for adding information to the device tree before
booting. This permits additions which are not board-specific.

Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Anatolij Gustschin <agust@denx.de>
Reviewed-by: Tom Rini <trini@ti.com>
2014-11-21 04:43:18 +01:00
Simon Glass
5bda35cffa x86: image: Add new image type for x64_64
This is a bit odd in that we are permitted to boot images for either, even
though they are separate architectures.

Signed-off-by: Simon Glass <sjg@chromium.org>
2014-10-28 20:44:04 -06:00
Simon Glass
90268b878b x86: Support loading kernel setup from a FIT
Add a new setup@ section to the FIT which can be used to provide a setup
binary for booting Linux on x86. This makes it possible to boot x86 from
a FIT.

Signed-off-by: Simon Glass <sjg@chromium.org>
2014-10-22 09:03:06 -06:00
Charles Manning
832472a94d tools: socfpga: Add socfpga preloader signing to mkimage
Like many platforms, the Altera socfpga platform requires that the
preloader be "signed" in a certain way or the built-in boot ROM will
not boot the code.

This change automatically creates an appropriately signed preloader
from an SPL image.

The signed image includes a CRC which must, of course, be generated
with a CRC generator that the SoCFPGA boot ROM agrees with otherwise
the boot ROM will reject the image.

Unfortunately the CRC used in this boot ROM is not the same as the
Adler CRC in lib/crc32.c. Indeed the Adler code is not technically a
CRC but is more correctly described as a checksum.

Thus, the appropriate CRC generator is added to lib/ as crc32_alt.c.

Signed-off-by: Charles Manning <cdhmanning@gmail.com>
Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Chin Liang See <clsee@altera.com>
Cc: Dinh Nguyen <dinguyen@altera.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Tom Rini <trini@ti.com>
Cc: Wolfgang Denk <wd@denx.de>
Cc: Pavel Machek <pavel@denx.de>
Acked-by: Pavel Machek <pavel@denx.de>

V2: - Zap unused constant
    - Explicitly print an error message in case of error
    - Rework the hdr_checksum() function to take the *header directly
      instead of a plan buffer pointer
2014-10-06 17:38:17 +02:00
Simon Glass
fe20a81a68 Fix test failure caused by bad handling of ramdisk
Commit e3a5bbce broke the FIT image tests by not loading a ramdisk even if
a load address is provided in the FIT. The rationale was that a load address
of 0 should be considered to mean 'do not load'.

Add a new load operation which supports this feature, so that the ramdisk
will be loaded if a non-zero load address is provided.

Signed-off-by: Simon Glass <sjg@chromium.org>
2014-08-28 17:18:48 -04:00
Bryan Wu
6c454fedf5 image: fix bootm failure for FIT image
Commit b3dd64f5d5 "bootm: use genimg_get_kernel_addr()" introduced
a bug for booting FIT image. It's because calling fit_parse_config()
twice will give us wrong value in img_addr.

Add a new function genimg_get_kernel_addr_fit() whichl will always
return fit_uname_config and fit_uname_kernel for CONFIG_FIT.
genimg_get_kernel_addr() will ignore those to parameters.

Reported-by: York Sun <yorksun@freescale.com>
Signed-off-by: Bryan Wu <pengw@nvidia.com>
2014-08-21 12:01:29 -04:00
Bryan Wu
0f64140b69 image: introduce genimg_get_kernel_addr()
Kernel address is normally stored as a string argument of bootm or bootz.
This function is taken out from boot_get_kernel() of bootm.c, which can be
reused by others.

Signed-off-by: Bryan Wu <pengw@nvidia.com>
[trini: Fix warnings with CONFIG_FIT]
Signed-off-by: Tom Rini <trini@ti.com>
2014-08-09 11:18:47 -04:00
Dirk Eibach
9a4f479b64 fit: make sha256 support optional
sha256 has some beefy memory footprint.
Make it optional for constrained systems.

Signed-off-by: Dirk Eibach <dirk.eibach@gdsys.cc>
2014-07-07 19:47:19 -04:00
Jeroen Hofstee
2b9912e6a7 includes: move openssl headers to include/u-boot
commit 18b06652cd "tools: include u-boot version of sha256.h"
unconditionally forced the sha256.h from u-boot to be used
for tools instead of the host version. This is fragile though
as it will also include the host version. Therefore move it
to include/u-boot to join u-boot/md5.h etc which were renamed
for the same reason.

cc: Simon Glass <sjg@chromium.org>
Signed-off-by: Jeroen Hofstee <jeroen@myspectrum.nl>
2014-06-19 11:19:04 -04:00
Simon Glass
ce1400f694 Enhance fit_check_sign to check all images
At present this tool only checks the configuration signing. Have it also
look at each of the images in the configuration and confirm that they
verify.

Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Heiko Schocher <hs@denx.de> (v1)
2014-06-19 11:19:02 -04:00
Simon Glass
126cc86420 image: Remove the fit_load_image() property parameter
This can be obtained by looking up the image type, so is redundant. It is
better to centralise this lookup to avoid errors.

Signed-off-by: Simon Glass <sjg@chromium.org>
2014-06-19 11:18:59 -04:00
Michael van der Westhuizen
1de7bb4f27 Prevent a buffer overflow in mkimage when signing with SHA256
Due to the FIT_MAX_HASH_LEN constant not having been updated
to support SHA256 signatures one will always see a buffer
overflow in fit_image_process_hash when signing images that
use this larger hash.  This is exposed by vboot_test.sh.

Signed-off-by: Michael van der Westhuizen <michael@smart-africa.com>
Acked-by: Simon Glass <sjg@chromium.org>
[trini: Rework a bit so move the exportable parts of hash.h outside of
 !USE_HOSTCC and only need that as a new include to image.h]
Signed-off-by: Tom Rini <trini@ti.com>
2014-06-05 17:01:23 -04:00
Heiko Schocher
21d29f7f9f bootm: make use of legacy image format configurable
make the use of legacy image format configurable through
the config define CONFIG_IMAGE_FORMAT_LEGACY.

When relying on signed FIT images with required signature check
the legacy image format should be disabled. Therefore introduce
this new define and enable legacy image format if CONFIG_FIT_SIGNATURE
is not set. If CONFIG_FIT_SIGNATURE is set disable per default
the legacy image format.

Signed-off-by: Heiko Schocher <hs@denx.de>
Cc: Simon Glass <sjg@chromium.org>
Cc: Lars Steubesand <lars.steubesand@philips.com>
Cc: Mike Pearce <mike@kaew.be>
Cc: Wolfgang Denk <wd@denx.de>
Cc: Tom Rini <trini@ti.com>
Cc: Michal Simek <monstr@monstr.eu>
Acked-by: Simon Glass <sjg@chromium.org>
2014-06-05 14:44:56 -04:00
Andreas Bießmann
7b1a411743 mkimage: add atmelimage
The new atmelimage converts a machine code BLOB to bootable ROM image. Atmel
ROM has no sophisticated image format, it only checks the first 7 ARM vectors.
The vectors can contain valid B or LDR opcodes, the 6'th vector contains the
image size to load.

Additionally the PMECC header can be written by the atmelimage target. The
parameters must be given via the -n switch as a coma separated list. For
example:

mkimage -T atmelimage \
 -n usePmecc=1,sectorPerPage=4,sectorSize=512,spareSize=64,eccBits=4,eccOffset=36 \
 -d spl/u-boot-spl.bin boot.bin

A provided image can be checked for correct header setup. It prints out the
PMECC header parameters if it has one and the 6'th interrupt vector content.

---8<---
Image Type:	ATMEL ROM-Boot Image with PMECC Header
		PMECC header
		====================
		eccOffset:        36
		sectorSize:      512
		eccBitReq:         4
		spareSize:        64
		nbSectorPerPage:   4
		usePmecc:          1
		====================
		6'th vector has 17044 set
--->8---

A SPL binary modified with the atmelimage mkimage target was succesfully
booted on a sama5d34ek via MMC and NAND.

Signed-off-by: Andreas Bießmann <andreas.devel@googlemail.com>
Cc: Bo Shen <voice.shen@atmel.com>
Cc: Heiko Schocher <hs@denx.de>
Tested-by: Bo Shen <voice.shen@atmel.com>
2014-05-27 00:10:48 +02:00
Tom Rini
c9afa7cea8 Merge branch 'master' of git://git.denx.de/u-boot-usb 2014-05-22 12:56:15 -04:00
Albert ARIBAUD
d2a3e91139 Merge branch 'u-boot/master'
Conflicts:
	drivers/net/Makefile

(trivial merge)
2014-05-09 11:50:14 +02:00
Sebastian Siewior
9ace3fc814 image: add support for Android's boot image format
This patch adds support for the Android boot-image format. The header
file is from the Android project and got slightly alterted so the struct +
its defines are not generic but have something like a namespace. The
header file is from bootloader/legacy/include/boot/bootimg.h. The header
parsing has been written from scratch and I looked at
bootloader/legacy/usbloader/usbloader.c for some details.
The image contains the physical address (load address) of the kernel and
ramdisk. This address is considered only for the kernel image.
The "second image" defined in the image header is currently not
supported. I haven't found anything that is creating this.

v3 (Rob Herring):
This is based on http://patchwork.ozlabs.org/patch/126797/ with the
following changes:
- Rebased to current mainline
- Moved android image handling to separate functions in
  common/image-android.c
- s/u8/char/ in header to fix string function warnings
- Use SPDX identifiers for licenses
- Cleaned-up file source information:
  android_image.h is from file include/boot/bootimg.h in repository:
  https://android.googlesource.com/platform/bootable/bootloader/legacy
  The git commit hash is 4205b865141ff2e255fe1d3bd16de18e217ef06a
  usbloader.c would be from the same commit, but it does not appear
  to have been used for any actual code.
v4:
- s/andriod/android/
- Use a separate flag ep_found to track if the entry point has been set
rather than using a magic value.

Cc: Wolfgang Denk <wd@denx.de>
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Signed-off-by: Rob Herring <robh@kernel.org>
Reviewed-by: Tom Rini <trini@ti.com>
Reviewed-by: Lukasz Majewski <l.majewski@samsung.com>
2014-05-08 10:38:29 +02:00
Karicheri, Muralidharan
bf411ea9f1 tools: mkimage: add support for gpimage format
This patch add support for gpimage format as a preparatory
patch for porting u-boot for keystone2 devices and is
based on omapimage format. It re-uses gph header to store the
size and loadaddr as done in omapimage.c

Signed-off-by: Vitaly Andrianov <vitalya@ti.com>
Signed-off-by: Murali Karicheri <m-karicheri2@ti.com>
Acked-by: Tom Rini <trini@ti.com>
2014-04-17 17:24:38 -04:00
Heiko Schocher
29a23f9d6c tools, fit_check_sign: verify a signed fit image
add host tool "fit_check_sign" which verifies, if a fit image is
signed correct.

Signed-off-by: Heiko Schocher <hs@denx.de>
Cc: Simon Glass <sjg@chromium.org>
2014-03-21 16:40:38 -04:00
Heiko Schocher
db1b5f3d20 rsa: add sha256,rsa4096 algorithm
Add support for sha256,rsa4096 signatures in u-boot.

Signed-off-by: Heiko Schocher <hs@denx.de>
Acked-by: Simon Glass <sjg@chromium.org>
Cc: andreas@oetken.name
2014-03-21 16:39:35 -04:00
Heiko Schocher
646257d1f4 rsa: add sha256-rsa2048 algorithm
based on patch from andreas@oetken.name:

http://patchwork.ozlabs.org/patch/294318/
commit message:
I currently need support for rsa-sha256 signatures in u-boot and found out that
the code for signatures is not very generic. Thus adding of different
hash-algorithms for rsa-signatures is not easy to do without copy-pasting the
rsa-code. I attached a patch for how I think it could be better and included
support for rsa-sha256. This is a fast first shot.

aditionally work:
- removed checkpatch warnings
- removed compiler warnings
- rebased against current head

Signed-off-by: Heiko Schocher <hs@denx.de>
Cc: andreas@oetken.name
Cc: Simon Glass <sjg@chromium.org>
2014-03-21 16:39:34 -04:00
Heiko Schocher
2842c1c242 fit: add sha256 support
add sha256 support to fit images

Signed-off-by: Heiko Schocher <hs@denx.de>
Acked-by: Simon Glass <sjg@chromium.org>
2014-03-21 16:39:33 -04:00
Masahiro Yamada
95f7062710 fdt: rename IMAAGE_OF_BOARD_SETUP to IMAGE_OF_BOARD_SETUP
Signed-off-by: Masahiro Yamada <yamada.m@jp.panasonic.com>
Acked-by: Simon Glass <sjg@chromium.org>
2014-02-19 10:47:30 -05:00
Alexey Brodkin
bc5d542880 arc: bdinfo, image and arc-specific init functions declarations support
Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>

Cc: Vineet Gupta <vgupta@synopsys.com>
Cc: Francois Bedard <fbedard@synopsys.com>
Cc: Wolfgang Denk <wd@denx.de>
Cc: Heiko Schocher <hs@denx.de>
2014-02-07 08:14:33 -05:00
David Feng
0ae7653128 arm64: core support
Relocation code based on a patch by Scott Wood, which is:
Signed-off-by: Scott Wood <scottwood@freescale.com>

Signed-off-by: David Feng <fenghua@phytium.com.cn>
2014-01-09 16:08:44 +01:00
Marek Vasut
bce8837071 ARM: mxs: tools: Add mkimage support for MXS bootstream
Add mkimage support for generating and verifying MXS bootstream.
The implementation here is mostly a glue code between MXSSB v0.4
and mkimage, but the long-term goal is to rectify this and merge
MXSSB with mkimage more tightly. Once this code is properly in
U-Boot, MXSSB shall be deprecated in favor of mkimage-mxsimage
support.

Note that the mxsimage generator needs libcrypto from OpenSSL, I
therefore enabled the libcrypto/libssl unconditionally.

MXSSB: http://git.denx.de/?p=mxssb.git;a=summary

The code is based on research presented at:
http://www.rockbox.org/wiki/SbFileFormat

Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Tom Rini <trini@ti.com>
Cc: Fabio Estevam <fabio.estevam@freescale.com>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Otavio Salvador <otavio@ossystems.com.br>
2013-08-31 15:26:52 +02:00
Wolfgang Denk
1a4596601f Add GPL-2.0+ SPDX-License-Identifier to source files
Signed-off-by: Wolfgang Denk <wd@denx.de>
[trini: Fixup common/cmd_io.c]
Signed-off-by: Tom Rini <trini@ti.com>
2013-07-24 09:44:38 -04:00
Simon Glass
f320a4d845 bootm: Use selected configuration for ramdisk and fdt
If a specific configuraion is selected by the bootm command, e.g. with
'bootm 84000000#recoveryconf' we must honour this for not just the kernel,
but also the ramdisk and FDT.

In the conversion to using a common fit_image_load() function for loading
images from FITs (commits a51ec63 and 53f375f) this feature was lost.
Reinstate it by passing the selected configuration back from
fit_image_load() to boot_get_kernel(), then use this configuration
(which is stored in images->fit_uname_cfg) in both boot_get_ramdisk()
and boot_get_fdt().

Signed-off-by: Simon Glass <sjg@chromium.org>
2013-07-12 10:32:39 -04:00
Simon Glass
a5266d6b5d bootm: Clean up bootz_setup() function
This function has no prototype in the headers and passes void * around, thus
requiring several casts. Tidy this up.

- Add new patch to clean up bootz_setup() function

Signed-off-by: Simon Glass <sjg@chromium.org>
2013-07-10 09:15:14 -04:00
Simon Glass
29ce737d6f mkimage: Build signing only if board has CONFIG_FIT_SIGNATURE
At present mkimage is set up to always build with image signing support.
This means that the SSL libraries (e.g. libssl-dev) are always required.

Adjust things so that mkimage can be built with and without image signing,
controlled by the presence of CONFIG_FIT_SIGNATURE in the board config file.

If CONFIG_FIT_SIGNATURE is not enabled, then mkimage will report a warning
that signing is not supported. If the option is enabled, but libraries are
not available, then a build error similar to this will be shown:

lib/rsa/rsa-sign.c:26:25: fatal error: openssl/rsa.h: No such file or directory

Signed-off-by: Simon Glass <sjg@chromium.org>
2013-06-28 16:26:52 -04:00
Simon Glass
4d0985295b image: Add support for signing of FIT configurations
While signing images is useful, it does not provide complete protection
against several types of attack. For example, it it possible to create a
FIT with the same signed images, but with the configuration changed such
that a different one is selected (mix and match attack). It is also possible
to substitute a signed image from an older FIT version into a newer FIT
(roll-back attack).

Add support for signing of FIT configurations using the libfdt's region
support.

Please see doc/uImage.FIT/signature.txt for more information.

Signed-off-by: Simon Glass <sjg@chromium.org>
2013-06-26 10:18:56 -04:00
Simon Glass
56518e7104 image: Support signing of images
Add support for signing images using a new signature node. The process
is handled by fdt_add_verification_data() which now takes parameters to
provide the keys and related information.

Signed-off-by: Simon Glass <sjg@chromium.org>
2013-06-26 10:18:56 -04:00
Simon Glass
3e569a6b1e image: Add signing infrastructure
Add a structure to describe an algorithm which can sign and (later) verify
images.

Signed-off-by: Simon Glass <sjg@chromium.org>
2013-06-26 10:18:56 -04:00
Simon Glass
d0ae31eb07 Add a 'fake' go command to the bootm command
For tracing it is useful to run as much of U-Boot as possible so as to get
a complete picture. Quite a bit of work happens in bootm, and we don't want
to have to stop tracing before bootm starts.

Add a way of doing a 'fake' boot of the OS - which does everything up to
the point where U-Boot is about to jump to the OS image. This allows
tracing to record right until the end.

This requires arch support to work.

Signed-off-by: Simon Glass <sjg@chromium.org>
2013-06-26 10:18:56 -04:00
Simon Glass
35fc84fa1f Refactor the bootm command to reduce code duplication
At present the bootm code is mostly duplicated for the plain 'bootm'
command and its sub-command variant. This makes the code harder to
maintain and means that changes must be made to several places.

Introduce do_bootm_states() which performs selected portions of the bootm
work, so that both plain 'bootm' and 'bootm <sub_command>' can use the
same code.

Additional duplication exists in bootz, so tidy that up as well. This
is not intended to change behaviour, apart from minor fixes where the
previously-duplicated code missed some chunks of code.

Signed-off-by: Simon Glass <sjg@chromium.org>
2013-06-26 10:18:56 -04:00
Simon Glass
4651800d51 image: Use fit_image_load() to load kernel
Use the new common code to load a kernel. The functionality should not
change.

Signed-off-by: Simon Glass <sjg@chromium.org>
2013-06-04 16:06:31 -04:00