diff options
45 files changed, 887 insertions, 251 deletions
@@ -127,7 +127,7 @@ config TOOLS_DEBUG it is possible to set breakpoints on particular lines, single-step debug through the source code, etc. -endif +endif # EXPERT config PHYS_64BIT bool "64bit physical address support" @@ -143,35 +143,26 @@ menu "Boot images" config FIT bool "Support Flattened Image Tree" help - This option allows to boot the new uImage structrure, + This option allows you to boot the new uImage structure, Flattened Image Tree. FIT is formally a FDT, which can include images of various types (kernel, FDT blob, ramdisk, etc.) in a single blob. To boot this new uImage structure, pass the address of the blob to the "bootm" command. FIT is very flexible, supporting compression, multiple images, multiple configurations, verification through hashing and also - verified boot (secure boot using RSA). This option enables that - feature. + verified boot (secure boot using RSA). -config SPL_FIT - bool "Support Flattened Image Tree within SPL" - depends on FIT - depends on SPL - -config FIT_VERBOSE - bool "Display verbose messages on FIT boot" - depends on FIT +if FIT config FIT_SIGNATURE bool "Enable signature verification of FIT uImages" - depends on FIT depends on DM select RSA help This option enables signature verification of FIT uImages, using a hash signed and verified using RSA. If CONFIG_SHA_PROG_HW_ACCEL is defined, i.e support for progressive - hashing is available using hardware, then then RSA library will use + hashing is available using hardware, then the RSA library will use it. See doc/uImage.FIT/signature.txt for more details. WARNING: When relying on signed FIT images with a required signature @@ -180,15 +171,16 @@ config FIT_SIGNATURE format support in this case, enable it using CONFIG_IMAGE_FORMAT_LEGACY. -config SPL_FIT_SIGNATURE - bool "Enable signature verification of FIT firmware within SPL" - depends on SPL_FIT - depends on SPL_DM - select SPL_RSA +config FIT_VERBOSE + bool "Show verbose messages when FIT images fail" + help + Generally a system will have valid FIT images so debug messages + are a waste of code space. If you are debugging your images then + you can enable this option to get more verbose information about + failures. config FIT_BEST_MATCH bool "Select the best match for the kernel device tree" - depends on FIT help When no configuration is explicitly selected, default to the one whose fdt's compatibility field best matches that of @@ -196,14 +188,55 @@ config FIT_BEST_MATCH most specific compatibility entry of U-Boot's fdt's root node. The order of entries in the configuration's fdt is ignored. -config FIT_VERBOSE - bool "Show verbose messages when FIT images fails" - depends on FIT +config FIT_IMAGE_POST_PROCESS + bool "Enable post-processing of FIT artifacts after loading by U-Boot" + depends on TI_SECURE_DEVICE help - Generally a system will have valid FIT images so debug messages - are a waste of code space. If you are debugging your images then - you can enable this option to get more verbose information about - failures. + Allows doing any sort of manipulation to blobs after they got extracted + from FIT images like stripping off headers or modifying the size of the + blob, verification, authentication, decryption etc. in a platform or + board specific way. In order to use this feature a platform or board- + specific implementation of board_fit_image_post_process() must be + provided. Also, anything done during this post-processing step would + need to be comprehended in how the images were prepared before being + injected into the FIT creation (i.e. the blobs would have been pre- + processed before being added to the FIT image). + +config SPL_FIT + bool "Support Flattened Image Tree within SPL" + depends on SPL + +config SPL_FIT_SIGNATURE + bool "Enable signature verification of FIT firmware within SPL" + depends on SPL_FIT + depends on SPL_DM + select SPL_RSA + +config SPL_LOAD_FIT + bool "Enable SPL loading U-Boot as a FIT" + help + Normally with the SPL framework a legacy image is generated as part + of the build. This contains U-Boot along with information as to + where it should be loaded. This option instead enables generation + of a FIT (Flat Image Tree) which provides more flexibility. In + particular it can handle selecting from multiple device tree + and passing the correct one to U-Boot. + +config SPL_FIT_IMAGE_POST_PROCESS + bool "Enable post-processing of FIT artifacts after loading by the SPL" + depends on SPL_LOAD_FIT && TI_SECURE_DEVICE + help + Allows doing any sort of manipulation to blobs after they got extracted + from the U-Boot FIT image like stripping off headers or modifying the + size of the blob, verification, authentication, decryption etc. in a + platform or board specific way. In order to use this feature a platform + or board-specific implementation of board_fit_image_post_process() must + be provided. Also, anything done during this post-processing step would + need to be comprehended in how the images were prepared before being + injected into the FIT creation (i.e. the blobs would have been pre- + processed before being added to the FIT image). + +endif # FIT config OF_BOARD_SETUP bool "Set up board-specific details in device tree before boot" @@ -256,44 +289,6 @@ config SYS_TEXT_BASE help TODO: Move CONFIG_SYS_TEXT_BASE for all the architecture -config SPL_LOAD_FIT - bool "Enable SPL loading U-Boot as a FIT" - depends on FIT - help - Normally with the SPL framework a legacy image is generated as part - of the build. This contains U-Boot along with information as to - where it should be loaded. This option instead enables generation - of a FIT (Flat Image Tree) which provides more flexibility. In - particular it can handle selecting from multiple device tree - and passing the correct one to U-Boot. - -config SPL_FIT_IMAGE_POST_PROCESS - bool "Enable post-processing of FIT artifacts after loading by the SPL" - depends on SPL_LOAD_FIT && TI_SECURE_DEVICE - help - Allows doing any sort of manipulation to blobs after they got extracted - from the U-Boot FIT image like stripping off headers or modifying the - size of the blob, verification, authentication, decryption etc. in a - platform or board specific way. In order to use this feature a platform - or board-specific implementation of board_fit_image_post_process() must - be provided. Also, anything done during this post-processing step would - need to be comprehended in how the images were prepared before being - injected into the FIT creation (i.e. the blobs would have been pre- - processed before being added to the FIT image). - -config FIT_IMAGE_POST_PROCESS - bool "Enable post-processing of FIT artifacts after loading by U-Boot" - depends on FIT && TI_SECURE_DEVICE - help - Allows doing any sort of manipulation to blobs after they got extracted - from FIT images like stripping off headers or modifying the size of the - blob, verification, authentication, decryption etc. in a platform or - board specific way. In order to use this feature a platform or board- - specific implementation of board_fit_image_post_process() must be - provided. Also, anything done during this post-processing step would - need to be comprehended in how the images were prepared before being - injected into the FIT creation (i.e. the blobs would have been pre- - processed before being added to the FIT image). config SYS_CLK_FREQ depends on ARC || ARCH_SUNXI diff --git a/MAINTAINERS b/MAINTAINERS index 793ff49..1ea7ae0 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -434,6 +434,17 @@ S: Maintained F: drivers/spmi/ F: include/spmi/ +TI SYSTEM SECURITY +M: Andrew F. Davis <afd@ti.com> +S: Supported +F: arch/arm/mach-omap2/omap5/sec_entry_cpu1.S +F: arch/arm/mach-omap2/omap5/sec-fxns.c +F: arch/arm/mach-omap2/sec-common.c +F: arch/arm/mach-omap2/config_secure.mk +F: configs/am43xx_hs_evm_defconfig +F: configs/am57xx_hs_evm_defconfig +F: configs/dra7xx_hs_evm_defconfig + TQ GROUP #M: Martin Krause <martin.krause@tq-systems.de> S: Orphaned (Since 2016-02) diff --git a/arch/arm/cpu/armv8/start.S b/arch/arm/cpu/armv8/start.S index 140609d..9535057 100644 --- a/arch/arm/cpu/armv8/start.S +++ b/arch/arm/cpu/armv8/start.S @@ -98,7 +98,7 @@ save_boot_params_ret: /* Processor specific initialization */ bl lowlevel_init -#if CONFIG_IS_ENABLED(ARMV8_SPIN_TABLE) +#if defined(CONFIG_ARMV8_SPIN_TABLE) && !defined(CONFIG_SPL_BUILD) branch_if_master x0, x1, master_cpu b spin_table_secondary_jump /* never return */ diff --git a/arch/arm/mach-davinci/include/mach/hardware.h b/arch/arm/mach-davinci/include/mach/hardware.h index 2a0360a..c31f38c 100644 --- a/arch/arm/mach-davinci/include/mach/hardware.h +++ b/arch/arm/mach-davinci/include/mach/hardware.h @@ -475,12 +475,15 @@ int clk_get(enum davinci_clk_ids id); /* Boot config */ struct davinci_syscfg_regs { dv_reg revid; - dv_reg rsvd[13]; + dv_reg rsvd[7]; + dv_reg bootcfg; + dv_reg chiprevidr; + dv_reg rsvd2[4]; dv_reg kick0; dv_reg kick1; dv_reg rsvd1[52]; dv_reg mstpri[3]; - dv_reg rsvd2; + dv_reg rsvd3; dv_reg pinmux[20]; dv_reg suspsrc; dv_reg chipsig; @@ -495,6 +498,15 @@ struct davinci_syscfg_regs { #define davinci_syscfg_regs \ ((struct davinci_syscfg_regs *)DAVINCI_BOOTCFG_BASE) +enum { + DAVINCI_NAND8_BOOT = 0b001110, + DAVINCI_NAND16_BOOT = 0b010000, + DAVINCI_SD_OR_MMC_BOOT = 0b011100, + DAVINCI_MMC_ONLY_BOOT = 0b111100, + DAVINCI_SPI0_FLASH_BOOT = 0b001010, + DAVINCI_SPI1_FLASH_BOOT = 0b001100, +}; + #define pinmux(x) (&davinci_syscfg_regs->pinmux[x]) /* Emulation suspend bits */ diff --git a/arch/arm/mach-davinci/spl.c b/arch/arm/mach-davinci/spl.c index 0aeaa7d..564c200 100644 --- a/arch/arm/mach-davinci/spl.c +++ b/arch/arm/mach-davinci/spl.c @@ -52,14 +52,27 @@ u32 spl_boot_mode(const u32 boot_device) u32 spl_boot_device(void) { -#ifdef CONFIG_SPL_NAND_SIMPLE - return BOOT_DEVICE_NAND; -#elif defined(CONFIG_SPL_SPI_LOAD) - return BOOT_DEVICE_SPI; -#elif defined(CONFIG_SPL_MMC_LOAD) - return BOOT_DEVICE_MMC1; -#else - puts("Unknown boot device\n"); - hang(); + switch (davinci_syscfg_regs->bootcfg) { +#ifdef CONFIG_SPL_NAND_SUPPORT + case DAVINCI_NAND8_BOOT: + case DAVINCI_NAND16_BOOT: + return BOOT_DEVICE_NAND; #endif + +#ifdef CONFIG_SPL_MMC_SUPPORT + case DAVINCI_SD_OR_MMC_BOOT: + case DAVINCI_MMC_ONLY_BOOT: + return BOOT_DEVICE_MMC1; +#endif + +#ifdef CONFIG_SPL_SPI_FLASH_SUPPORT + case DAVINCI_SPI0_FLASH_BOOT: + case DAVINCI_SPI1_FLASH_BOOT: + return BOOT_DEVICE_SPI; +#endif + + default: + puts("Unknown boot device\n"); + hang(); + } } diff --git a/arch/arm/mach-omap2/sec-common.c b/arch/arm/mach-omap2/sec-common.c index 246a239..c5a000a 100644 --- a/arch/arm/mach-omap2/sec-common.c +++ b/arch/arm/mach-omap2/sec-common.c @@ -21,7 +21,11 @@ #include <spl.h> /* Index for signature verify ROM API */ +#ifdef CONFIG_AM33XX +#define API_HAL_KM_VERIFYCERTIFICATESIGNATURE_INDEX (0x0000000C) +#else #define API_HAL_KM_VERIFYCERTIFICATESIGNATURE_INDEX (0x0000000E) +#endif static uint32_t secure_rom_call_args[5] __aligned(ARCH_DMA_MINALIGN); diff --git a/board/isee/igep00x0/MAINTAINERS b/board/isee/igep00x0/MAINTAINERS index d355c46..720ef2a 100644 --- a/board/isee/igep00x0/MAINTAINERS +++ b/board/isee/igep00x0/MAINTAINERS @@ -6,9 +6,3 @@ F: include/configs/omap3_igep00x0.h F: configs/igep0020_defconfig F: configs/igep0030_defconfig F: configs/igep0032_defconfig - -IGEP0020_NAND BOARD -#M: - -S: Maintained -F: configs/igep0020_nand_defconfig -F: configs/igep0030_nand_defconfig diff --git a/board/isee/igep00x0/igep00x0.c b/board/isee/igep00x0/igep00x0.c index 669f3dd..ae7959b 100644 --- a/board/isee/igep00x0/igep00x0.c +++ b/board/isee/igep00x0/igep00x0.c @@ -23,6 +23,8 @@ #include <linux/mtd/nand.h> #include <linux/mtd/onenand.h> #include <jffs2/load_kernel.h> +#include <mtd_node.h> +#include <fdt_support.h> #include "igep00x0.h" DECLARE_GLOBAL_DATA_PTR; @@ -210,6 +212,21 @@ void board_mmc_power_init(void) } #endif +#ifdef CONFIG_OF_BOARD_SETUP +int ft_board_setup(void *blob, bd_t *bd) +{ +#ifdef CONFIG_FDT_FIXUP_PARTITIONS + static struct node_info nodes[] = { + { "ti,omap2-nand", MTD_DEV_TYPE_NAND, }, + { "ti,omap2-onenand", MTD_DEV_TYPE_ONENAND, }, + }; + + fdt_fixup_mtdparts(blob, nodes, ARRAY_SIZE(nodes)); +#endif + return 0; +} +#endif + void set_fdt(void) { switch (gd->bd->bi_arch_number) { @@ -28,14 +28,15 @@ static int do_sata(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) if (sata_curr_device != -1) sata_stop(); - return sata_initialize(); + return (sata_initialize() < 0) ? + CMD_RET_FAILURE : CMD_RET_SUCCESS; } /* If the user has not yet run `sata init`, do it now */ if (sata_curr_device == -1) { rc = sata_initialize(); if (rc == -1) - return rc; + return CMD_RET_FAILURE; sata_curr_device = rc; } diff --git a/common/spl/Kconfig b/common/spl/Kconfig index cba51f5..b1aa148 100644 --- a/common/spl/Kconfig +++ b/common/spl/Kconfig @@ -449,6 +449,23 @@ config SPL_POWER_SUPPORT in drivers/power, drivers/power/pmic and drivers/power/regulator as part of an SPL build. +config SPL_RAM_SUPPORT + bool "Support booting from RAM" + depends on SPL + default y if MICROBLAZE || ARCH_SOCFPGA || TEGRA || ARCH_ZYNQ + help + Enable booting of an image in RAM. The image can be preloaded or + it can be loaded by SPL directly into RAM (e.g. using USB). + +config SPL_RAM_DEVICE + bool "Support booting from preloaded image in RAM" + depends on SPL_RAM_SUPPORT + default y if MICROBLAZE || ARCH_SOCFPGA || TEGRA || ARCH_ZYNQ + help + Enable booting of an image already loaded in RAM. The image has to + be already in memory when SPL takes over, e.g. loaded by the boot + ROM. + config SPL_SATA_SUPPORT bool "Support loading from SATA" depends on SPL @@ -549,7 +566,7 @@ choice config SPL_DFU_RAM bool "RAM device" - depends on SPL_DFU_SUPPORT + depends on SPL_DFU_SUPPORT && SPL_RAM_SUPPORT help select RAM/DDR memory device for loading binary images (u-boot/kernel) to the selected device partition using diff --git a/common/spl/Makefile b/common/spl/Makefile index ed02635..1933cbd 100644 --- a/common/spl/Makefile +++ b/common/spl/Makefile @@ -26,4 +26,5 @@ obj-$(CONFIG_SPL_EXT_SUPPORT) += spl_ext.o obj-$(CONFIG_SPL_SATA_SUPPORT) += spl_sata.o obj-$(CONFIG_SPL_DFU_SUPPORT) += spl_dfu.o obj-$(CONFIG_SPL_SPI_LOAD) += spl_spi.o +obj-$(CONFIG_SPL_RAM_SUPPORT) += spl_ram.o endif diff --git a/common/spl/spl.c b/common/spl/spl.c index e512ee0..8fb8da4 100644 --- a/common/spl/spl.c +++ b/common/spl/spl.c @@ -167,66 +167,16 @@ __weak void __noreturn jump_to_image_no_args(struct spl_image_info *spl_image) (image_entry_noargs_t)spl_image->entry_point; debug("image entry point: 0x%lX\n", spl_image->entry_point); - image_entry(); -} - -#ifndef CONFIG_SPL_LOAD_FIT_ADDRESS -# define CONFIG_SPL_LOAD_FIT_ADDRESS 0 -#endif - -#if defined(CONFIG_SPL_RAM_DEVICE) || defined(CONFIG_SPL_DFU_SUPPORT) -static ulong spl_ram_load_read(struct spl_load_info *load, ulong sector, - ulong count, void *buf) -{ - debug("%s: sector %lx, count %lx, buf %lx\n", - __func__, sector, count, (ulong)buf); - memcpy(buf, (void *)(CONFIG_SPL_LOAD_FIT_ADDRESS + sector), count); - return count; -} - -static int spl_ram_load_image(struct spl_image_info *spl_image, - struct spl_boot_device *bootdev) -{ - struct image_header *header; - - header = (struct image_header *)CONFIG_SPL_LOAD_FIT_ADDRESS; - -#if defined(CONFIG_SPL_DFU_SUPPORT) - if (bootdev->boot_device == BOOT_DEVICE_DFU) - spl_dfu_cmd(0, "dfu_alt_info_ram", "ram", "0"); +#if defined(CONFIG_ARMV8_SPIN_TABLE) && defined(CONFIG_ARMV8_MULTIENTRY) + /* + * Release all slave cores from CPU_RELEASE_ADDR so they could + * arrive to the spin-table code in start.S of the u-boot + */ + *(ulong *)CPU_RELEASE_ADDR = (ulong)spl_image->entry_point; #endif - if (IS_ENABLED(CONFIG_SPL_LOAD_FIT) && - image_get_magic(header) == FDT_MAGIC) { - struct spl_load_info load; - - debug("Found FIT\n"); - load.bl_len = 1; - load.read = spl_ram_load_read; - spl_load_simple_fit(spl_image, &load, 0, header); - } else { - debug("Legacy image\n"); - /* - * Get the header. It will point to an address defined by - * handoff which will tell where the image located inside - * the flash. For now, it will temporary fixed to address - * pointed by U-Boot. - */ - header = (struct image_header *) - (CONFIG_SYS_TEXT_BASE - sizeof(struct image_header)); - - spl_parse_image_header(spl_image, header); - } - - return 0; + image_entry(); } -#if defined(CONFIG_SPL_RAM_DEVICE) -SPL_LOAD_IMAGE_METHOD("RAM", 0, BOOT_DEVICE_RAM, spl_ram_load_image); -#endif -#if defined(CONFIG_SPL_DFU_SUPPORT) -SPL_LOAD_IMAGE_METHOD("USB DFU", 0, BOOT_DEVICE_DFU, spl_ram_load_image); -#endif -#endif int spl_init(void) { diff --git a/common/spl/spl_ram.c b/common/spl/spl_ram.c new file mode 100644 index 0000000..b2645a1 --- /dev/null +++ b/common/spl/spl_ram.c @@ -0,0 +1,73 @@ +/* + * (C) Copyright 2016 + * Xilinx, Inc. + * + * (C) Copyright 2016 + * Toradex AG + * + * Michal Simek <michal.simek@xilinx.com> + * Stefan Agner <stefan.agner@toradex.com> + * + * SPDX-License-Identifier: GPL-2.0+ + */ +#include <common.h> +#include <spl.h> +#include <libfdt.h> + +#ifndef CONFIG_SPL_LOAD_FIT_ADDRESS +# define CONFIG_SPL_LOAD_FIT_ADDRESS 0 +#endif + +static ulong spl_ram_load_read(struct spl_load_info *load, ulong sector, + ulong count, void *buf) +{ + debug("%s: sector %lx, count %lx, buf %lx\n", + __func__, sector, count, (ulong)buf); + memcpy(buf, (void *)(CONFIG_SPL_LOAD_FIT_ADDRESS + sector), count); + return count; +} + +static int spl_ram_load_image(struct spl_image_info *spl_image, + struct spl_boot_device *bootdev) +{ + struct image_header *header; + + header = (struct image_header *)CONFIG_SPL_LOAD_FIT_ADDRESS; + +#if defined(CONFIG_SPL_DFU_SUPPORT) + if (bootdev->boot_device == BOOT_DEVICE_DFU) + spl_dfu_cmd(0, "dfu_alt_info_ram", "ram", "0"); +#endif + + if (IS_ENABLED(CONFIG_SPL_LOAD_FIT) && + image_get_magic(header) == FDT_MAGIC) { + struct spl_load_info load; + + debug("Found FIT\n"); + load.bl_len = 1; + load.read = spl_ram_load_read; + spl_load_simple_fit(spl_image, &load, 0, header); + } else { + debug("Legacy image\n"); + /* + * Get the header. It will point to an address defined by + * handoff which will tell where the image located inside + * the flash. For now, it will temporary fixed to address + * pointed by U-Boot. + */ + header = (struct image_header *) + (CONFIG_SYS_TEXT_BASE - sizeof(struct image_header)); + + spl_parse_image_header(spl_image, header); + } + + return 0; +} +#if defined(CONFIG_SPL_RAM_DEVICE) +SPL_LOAD_IMAGE_METHOD("RAM", 0, BOOT_DEVICE_RAM, spl_ram_load_image); +#endif +#if defined(CONFIG_SPL_DFU_SUPPORT) +SPL_LOAD_IMAGE_METHOD("DFU", 0, BOOT_DEVICE_DFU, spl_ram_load_image); +#endif + + diff --git a/configs/igep0020_defconfig b/configs/igep0020_defconfig index 0dd244e..50bb4ac 100644 --- a/configs/igep0020_defconfig +++ b/configs/igep0020_defconfig @@ -2,6 +2,7 @@ CONFIG_ARM=y CONFIG_OMAP34XX=y # CONFIG_SPL_EXT_SUPPORT is not set CONFIG_TARGET_OMAP3_IGEP00X0=y +CONFIG_OF_BOARD_SETUP=y CONFIG_SYS_EXTRA_OPTIONS="MACH_TYPE=MACH_TYPE_IGEP0020" CONFIG_BOOTDELAY=3 CONFIG_SYS_CONSOLE_IS_IN_ENV=y @@ -36,3 +37,4 @@ CONFIG_NET_RANDOM_ETHADDR=y CONFIG_MMC_OMAP_HS=y CONFIG_SYS_NS16550=y CONFIG_OF_LIBFDT=y +CONFIG_FDT_FIXUP_PARTITIONS=y diff --git a/configs/igep0030_defconfig b/configs/igep0030_defconfig index 72fb874..42bd6fc 100644 --- a/configs/igep0030_defconfig +++ b/configs/igep0030_defconfig @@ -3,6 +3,7 @@ CONFIG_OMAP34XX=y # CONFIG_SPL_EXT_SUPPORT is not set CONFIG_TARGET_OMAP3_IGEP00X0=y CONFIG_DISTRO_DEFAULTS=y +CONFIG_OF_BOARD_SETUP=y CONFIG_SYS_EXTRA_OPTIONS="MACH_TYPE=MACH_TYPE_IGEP0030" CONFIG_BOOTDELAY=3 CONFIG_SYS_CONSOLE_IS_IN_ENV=y @@ -28,3 +29,4 @@ CONFIG_NET_RANDOM_ETHADDR=y CONFIG_MMC_OMAP_HS=y CONFIG_SYS_NS16550=y CONFIG_OF_LIBFDT=y +CONFIG_FDT_FIXUP_PARTITIONS=y diff --git a/configs/igep0032_defconfig b/configs/igep0032_defconfig index 1318e5b..01adb20 100644 --- a/configs/igep0032_defconfig +++ b/configs/igep0032_defconfig @@ -3,6 +3,7 @@ CONFIG_OMAP34XX=y # CONFIG_SPL_EXT_SUPPORT is not set CONFIG_TARGET_OMAP3_IGEP00X0=y CONFIG_DISTRO_DEFAULTS=y +CONFIG_OF_BOARD_SETUP=y CONFIG_BOOTDELAY=3 CONFIG_SYS_CONSOLE_IS_IN_ENV=y CONFIG_SYS_CONSOLE_INFO_QUIET=y @@ -27,3 +28,4 @@ CONFIG_NET_RANDOM_ETHADDR=y CONFIG_MMC_OMAP_HS=y CONFIG_SYS_NS16550=y CONFIG_OF_LIBFDT=y +CONFIG_FDT_FIXUP_PARTITIONS=y diff --git a/configs/omapl138_lcdk_defconfig b/configs/omapl138_lcdk_defconfig index d030ffa..77ede8a 100644 --- a/configs/omapl138_lcdk_defconfig +++ b/configs/omapl138_lcdk_defconfig @@ -3,6 +3,7 @@ CONFIG_ARCH_DAVINCI=y CONFIG_TARGET_OMAPL138_LCDK=y CONFIG_SPL_LIBCOMMON_SUPPORT=y CONFIG_SPL_LIBGENERIC_SUPPORT=y +CONFIG_SPL_MMC_SUPPORT=y CONFIG_SPL_NAND_SUPPORT=y CONFIG_SPL_SERIAL_SUPPORT=y CONFIG_BOOTDELAY=3 diff --git a/doc/uImage.FIT/signature.txt b/doc/uImage.FIT/signature.txt index e487401..7cdb7bf 100644 --- a/doc/uImage.FIT/signature.txt +++ b/doc/uImage.FIT/signature.txt @@ -385,6 +385,149 @@ Test Verified Boot Run: signed config with bad hash: OK Test passed +Hardware Signing with PKCS#11 +----------------------------- + +Securely managing private signing keys can challenging, especially when the +keys are stored on the file system of a computer that is connected to the +Internet. If an attacker is able to steal the key, they can sign malicious FIT +images which will appear genuine to your devices. + +An alternative solution is to keep your signing key securely stored on hardware +device like a smartcard, USB token or Hardware Security Module (HSM) and have +them perform the signing. PKCS#11 is standard for interfacing with these crypto +device. + +Requirements: +Smartcard/USB token/HSM which can work with the pkcs11 engine +openssl +libp11 (provides pkcs11 engine) +p11-kit (recommended to simplify setup) +opensc (for smartcards and smartcard like USB devices) +gnutls (recommended for key generation, p11tool) + +The following examples use the Nitrokey Pro. Instructions for other devices may vary. + +Notes on pkcs11 engine setup: + +Make sure p11-kit, opensc are installed and that p11-kit is setup to use opensc. +/usr/share/p11-kit/modules/opensc.module should be present on your system. + + +Generating Keys On the Nitrokey: + +$ gpg --card-edit + +Reader ...........: Nitrokey Nitrokey Pro (xxxxxxxx0000000000000000) 00 00 +Application ID ...: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx +Version ..........: 2.1 +Manufacturer .....: ZeitControl +Serial number ....: xxxxxxxx +Name of cardholder: [not set] +Language prefs ...: de +Sex ..............: unspecified +URL of public key : [not set] +Login data .......: [not set] +Signature PIN ....: forced +Key attributes ...: rsa2048 rsa2048 rsa2048 +Max. PIN lengths .: 32 32 32 +PIN retry counter : 3 0 3 +Signature counter : 0 +Signature key ....: [none] +Encryption key....: [none] +Authentication key: [none] +General key info..: [none] + +gpg/card> generate +Make off-card backup of encryption key? (Y/n) n + +Please note that the factory settings of the PINs are + PIN = '123456' Admin PIN = '12345678' +You should change them using the command --change-pin + +What keysize do you want for the Signature key? (2048) 4096 +The card will now be re-configured to generate a key of 4096 bits +Note: There is no guarantee that the card supports the requested size. + If the key generation does not succeed, please check the + documentation of your card to see what sizes are allowed. +What keysize do you want for the Encryption key? (2048) 4096 +The card will now be re-configured to generate a key of 4096 bits +What keysize do you want for the Authentication key? (2048) 4096 +The card will now be re-configured to generate a key of 4096 bits +Please specify how long the key should be valid. + 0 = key does not expire + <n> = key expires in n days + <n>w = key expires in n weeks + <n>m = key expires in n months + <n>y = key expires in n years +Key is valid for? (0) +Key does not expire at all +Is this correct? (y/N) y + +GnuPG needs to construct a user ID to identify your key. + +Real name: John Doe +Email address: john.doe@email.com +Comment: +You selected this USER-ID: + "John Doe <john.doe@email.com>" + +Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o + + +Using p11tool to get the token URL: + +Depending on system configuration, gpg-agent may need to be killed first. + +$ p11tool --provider /usr/lib/opensc-pkcs11.so --list-tokens +Token 0: +URL: pkcs11:model=PKCS%2315%20emulated;manufacturer=ZeitControl;serial=000xxxxxxxxx;token=OpenPGP%20card%20%28User%20PIN%20%28sig%29%29 +Label: OpenPGP card (User PIN (sig)) +Type: Hardware token +Manufacturer: ZeitControl +Model: PKCS#15 emulated +Serial: 000xxxxxxxxx +Module: (null) + + +Token 1: +URL: pkcs11:model=PKCS%2315%20emulated;manufacturer=ZeitControl;serial=000xxxxxxxxx;token=OpenPGP%20card%20%28User%20PIN%29 +Label: OpenPGP card (User PIN) +Type: Hardware token +Manufacturer: ZeitControl +Model: PKCS#15 emulated +Serial: 000xxxxxxxxx +Module: (null) + +Use the portion of the signature token URL after "pkcs11:" as the keydir argument (-k) to mkimage below. + + +Use the URL of the token to list the private keys: + +$ p11tool --login --provider /usr/lib/opensc-pkcs11.so --list-privkeys \ +"pkcs11:model=PKCS%2315%20emulated;manufacturer=ZeitControl;serial=000xxxxxxxxx;token=OpenPGP%20card%20%28User%20PIN%20%28sig%29%29" +Token 'OpenPGP card (User PIN (sig))' with URL 'pkcs11:model=PKCS%2315%20emulated;manufacturer=ZeitControl;serial=000xxxxxxxxx;token=OpenPGP%20card%20%28User%20PIN%20%28sig%29%29' requires user PIN +Enter PIN: +Object 0: +URL: pkcs11:model=PKCS%2315%20emulated;manufacturer=ZeitControl;serial=000xxxxxxxxx;token=OpenPGP%20card%20%28User%20PIN%20%28sig%29%29;id=%01;object=Signature%20key;type=private +Type: Private key +Label: Signature key +Flags: CKA_PRIVATE; CKA_NEVER_EXTRACTABLE; CKA_SENSITIVE; +ID: 01 + +Use the label, in this case "Signature key" as the key-name-hint in your FIT. + +Create the fitImage: +$ ./tools/mkimage -f fit-image.its fitImage + + +Sign the fitImage with the hardware key: + +$ ./tools/mkimage -F -k \ +"model=PKCS%2315%20emulated;manufacturer=ZeitControl;serial=000xxxxxxxxx;token=OpenPGP%20card%20%28User%20PIN%20%28sig%29%29" \ +-K u-boot.dtb -N pkcs11 -r fitImage + + Future Work ----------- - Roll-back protection using a TPM is done using the tpm command. This can diff --git a/drivers/mtd/nand/omap_gpmc.c b/drivers/mtd/nand/omap_gpmc.c index d1e1bdd..f4f0de3 100644 --- a/drivers/mtd/nand/omap_gpmc.c +++ b/drivers/mtd/nand/omap_gpmc.c @@ -656,14 +656,14 @@ static int omap_correct_data_bch_sw(struct mtd_info *mtd, u_char *data, struct nand_chip *chip = mtd_to_nand(mtd); struct omap_nand_info *info = nand_get_controller_data(chip); - count = decode_bch(info->control, NULL, 512, read_ecc, calc_ecc, - NULL, errloc); + count = decode_bch(info->control, NULL, SECTOR_BYTES, + read_ecc, calc_ecc, NULL, errloc); if (count > 0) { /* correct errors */ for (i = 0; i < count; i++) { /* correct data only, not ecc bytes */ - if (errloc[i] < 8*512) - data[errloc[i]/8] ^= 1 << (errloc[i] & 7); + if (errloc[i] < SECTOR_BYTES << 3) + data[errloc[i] >> 3] ^= 1 << (errloc[i] & 7); debug("corrected bitflip %u\n", errloc[i]); #ifdef DEBUG puts("read_ecc: "); diff --git a/drivers/rtc/Kconfig b/drivers/rtc/Kconfig index 57af1b5..cb79a01 100644 --- a/drivers/rtc/Kconfig +++ b/drivers/rtc/Kconfig @@ -17,6 +17,10 @@ config RTC_PCF2127 bool "Enable PCF2127 driver" depends on DM_RTC help - Enable pcf2127 driver which provides rtc get and set function + The PCF2127 is a CMOS Real Time Clock (RTC) and calendar with an integrated + Temperature Compensated Crystal (Xtal) Oscillator (TCXO) and a 32.768 kHz quartz + crystal optimized for very high accuracy and very low power consumption. The PCF2127 + has a selectable I2C-bus or SPI-bus, a backup battery switch-over circuit, a + programmable watchdog function, a timestamp function, and many other features. endmenu diff --git a/drivers/rtc/pcf2127.c b/drivers/rtc/pcf2127.c index bc59c6c..dcf0340 100644 --- a/drivers/rtc/pcf2127.c +++ b/drivers/rtc/pcf2127.c @@ -11,21 +11,21 @@ #include <i2c.h> #include <rtc.h> -#define PCF2127_REG_CTRL1 (0x00) -#define PCF2127_REG_CTRL2 (0x01) -#define PCF2127_REG_CTRL3 (0x02) -#define PCF2127_REG_SC (0x03) /* datetime */ -#define PCF2127_REG_MN (0x04) -#define PCF2127_REG_HR (0x05) -#define PCF2127_REG_DM (0x06) -#define PCF2127_REG_DW (0x07) -#define PCF2127_REG_MO (0x08) -#define PCF2127_REG_YR (0x09) +#define PCF2127_REG_CTRL1 0x00 +#define PCF2127_REG_CTRL2 0x01 +#define PCF2127_REG_CTRL3 0x02 +#define PCF2127_REG_SC 0x03 +#define PCF2127_REG_MN 0x04 +#define PCF2127_REG_HR 0x05 +#define PCF2127_REG_DM 0x06 +#define PCF2127_REG_DW 0x07 +#define PCF2127_REG_MO 0x08 +#define PCF2127_REG_YR 0x09 static int pcf2127_rtc_set(struct udevice *dev, const struct rtc_time *tm) { uchar buf[8]; - int i = 0; + int i = 0, ret; /* start register address */ buf[i++] = PCF2127_REG_SC; @@ -44,21 +44,22 @@ static int pcf2127_rtc_set(struct udevice *dev, const struct rtc_time *tm) buf[i++] = bin2bcd(tm->tm_year % 100); /* write register's data */ - if (dm_i2c_write(dev, PCF2127_REG_CTRL1, buf, sizeof(buf)) < 0) - return -1; + ret = dm_i2c_write(dev, PCF2127_REG_CTRL1, buf, sizeof(buf)); - return 0; + return ret; } static int pcf2127_rtc_get(struct udevice *dev, struct rtc_time *tm) { - int rel = 0; + int ret = 0; uchar buf[10] = { PCF2127_REG_CTRL1 }; - if (dm_i2c_write(dev, PCF2127_REG_CTRL1, buf, 1) < 0) - return -1; - if (dm_i2c_read(dev, PCF2127_REG_CTRL1, buf, sizeof(buf)) < 0) - return -1; + ret = dm_i2c_write(dev, PCF2127_REG_CTRL1, buf, 1); + if (ret < 0) + return ret; + ret = dm_i2c_read(dev, PCF2127_REG_CTRL1, buf, sizeof(buf)); + if (ret < 0) + return ret; if (buf[PCF2127_REG_CTRL3] & 0x04) puts("### Warning: RTC Low Voltage - date/time not reliable\n"); @@ -79,12 +80,13 @@ static int pcf2127_rtc_get(struct udevice *dev, struct rtc_time *tm) tm->tm_year, tm->tm_mon, tm->tm_mday, tm->tm_wday, tm->tm_hour, tm->tm_min, tm->tm_sec); - return rel; + return ret; } static int pcf2127_rtc_reset(struct udevice *dev) { /*Doing nothing here*/ + return 0; } diff --git a/include/common.h b/include/common.h index ee0436b..695478c 100644 --- a/include/common.h +++ b/include/common.h @@ -20,8 +20,10 @@ typedef volatile unsigned char vu_char; #include <config.h> #include <errno.h> +#include <time.h> #include <asm-offsets.h> #include <linux/bitops.h> +#include <linux/delay.h> #include <linux/types.h> #include <linux/string.h> #include <linux/stringify.h> @@ -579,12 +581,6 @@ void ddr_enable_ecc(unsigned int dram_size); #endif #endif -/* - * Return the current value of a monotonically increasing microsecond timer. - * Granularity may be larger than 1us if hardware does not support this. - */ -ulong timer_get_us(void); - /* $(CPU)/cpu.c */ static inline int cpumask_next(int cpu, unsigned int mask) { @@ -723,7 +719,6 @@ void external_interrupt (struct pt_regs *); void irq_install_handler(int, interrupt_handler_t *, void *); void irq_free_handler (int); void reset_timer (void); -ulong get_timer (ulong base); /* Return value of monotonic microsecond timer */ unsigned long timer_get_us(void); @@ -779,7 +774,6 @@ uint64_t get_ticks(void); void wait_ticks (unsigned long); /* arch/$(ARCH)/lib/time.c */ -void __udelay (unsigned long); ulong usec2ticks (unsigned long usec); ulong ticks2usec (unsigned long ticks); int init_timebase (void); @@ -836,10 +830,6 @@ void qsort(void *base, size_t nmemb, size_t size, int(*compar)(const void *, const void *)); int strcmp_compar(const void *, const void *); -/* lib/time.c */ -void udelay (unsigned long); -void mdelay(unsigned long); - /* lib/uuid.c */ #include <uuid.h> diff --git a/include/configs/am335x_evm.h b/include/configs/am335x_evm.h index e78afde..0161dbe 100644 --- a/include/configs/am335x_evm.h +++ b/include/configs/am335x_evm.h @@ -347,6 +347,7 @@ #define CONFIG_ENV_OFFSET 0x0 #define CONFIG_ENV_OFFSET_REDUND (CONFIG_ENV_OFFSET + CONFIG_ENV_SIZE) #define CONFIG_SYS_REDUNDAND_ENVIRONMENT +#define CONFIG_SYS_MMC_MAX_DEVICE 2 #elif defined(CONFIG_NOR_BOOT) #define CONFIG_ENV_IS_IN_FLASH #define CONFIG_ENV_SECT_SIZE (128 << 10) /* 128 KiB */ diff --git a/include/configs/microblaze-generic.h b/include/configs/microblaze-generic.h index 36b0a0e..643413f 100644 --- a/include/configs/microblaze-generic.h +++ b/include/configs/microblaze-generic.h @@ -283,7 +283,6 @@ #define CONFIG_SPL_LDSCRIPT "arch/microblaze/cpu/u-boot-spl.lds" -#define CONFIG_SPL_RAM_DEVICE #ifdef CONFIG_SYS_FLASH_BASE # define CONFIG_SYS_UBOOT_BASE CONFIG_SYS_FLASH_BASE #endif diff --git a/include/configs/omap3_logic.h b/include/configs/omap3_logic.h index b38811e..71ae2be 100644 --- a/include/configs/omap3_logic.h +++ b/include/configs/omap3_logic.h @@ -31,7 +31,6 @@ #define CONFIG_SETUP_MEMORY_TAGS #define CONFIG_INITRD_TAG #define CONFIG_REVISION_TAG -#define CONFIG_CMDLINE_EDITING /* cmd line edit/history */ /* Hardware drivers */ @@ -124,9 +123,7 @@ "saveenv;" #define CONFIG_EXTRA_ENV_SETTINGS \ - "loadaddr=0x81000000\0" \ - "uimage=uImage\0" \ - "zimage=zImage\0" \ + DEFAULT_LINUX_BOOT_ENV \ "mtdids=" MTDIDS_DEFAULT "\0" \ "mtdparts=" MTDPARTS_DEFAULT "\0" \ "mmcdev=0\0" \ @@ -156,18 +153,17 @@ "${optargs};" \ "run addmtdparts; " \ "run vrfb_arg\0" \ - "loadbootscript=fatload mmc ${mmcdev} ${loadaddr} boot.scr\0" \ + "loadbootscript=load mmc ${mmcdev} ${loadaddr} boot.scr\0" \ "bootscript=echo 'Running bootscript from mmc ...'; " \ "source ${loadaddr}\0" \ "loaduimage=mmc rescan; " \ - "fatload mmc ${mmcdev} ${loadaddr} ${uimage}\0" \ + "load mmc ${mmcdev} ${loadaddr} uImage\0" \ "loadzimage=mmc rescan; " \ - "fatload mmc ${mmcdev} ${loadaddr} ${zimage}\0" \ + "load mmc ${mmcdev} ${loadaddr} zImage\0" \ "ramdisksize=64000\0" \ - "ramdiskaddr=0x82000000\0" \ "ramdiskimage=rootfs.ext2.gz.uboot\0" \ "loadramdisk=mmc rescan; " \ - "fatload mmc ${mmcdev} ${ramdiskaddr} ${ramdiskimage}\0" \ + "load mmc ${mmcdev} ${rdaddr} ${ramdiskimage}\0" \ "ramargs=run setconsole; setenv bootargs console=${console} " \ "root=/dev/ram rw ramdisk_size=${ramdisksize}\0" \ "mmcargs=run setconsole; setenv bootargs console=${console} " \ @@ -184,15 +180,14 @@ "ip=${ipaddr}:${tftpserver}:${gatewayip}:${netmask}::eth0:off\0" \ "nfsrootpath=/opt/nfs-exports/omap\0" \ "autoload=no\0" \ - "fdtaddr=0x86000000\0" \ - "loadfdtimage=mmc rescan; " \ - "fatload mmc ${mmcdev} ${fdtaddr} ${fdtimage}\0" \ + "loadfdt=mmc rescan; " \ + "load mmc ${mmcdev} ${fdtaddr} ${fdtimage}\0" \ "mmcbootz=echo Booting with DT from mmc${mmcdev} ...; " \ "run mmcargs; " \ "run common_bootargs; " \ "run dump_bootargs; " \ "run loadzimage; " \ - "run loadfdtimage; " \ + "run loadfdt; " \ "bootz ${loadaddr} - ${fdtaddr}\0" \ "mmcramboot=echo 'Booting uImage kernel from mmc w/ramdisk...'; " \ "run ramargs; " \ @@ -200,22 +195,22 @@ "run dump_bootargs; " \ "run loaduimage; " \ "run loadramdisk; " \ - "bootm ${loadaddr} ${ramdiskaddr}\0" \ + "bootm ${loadaddr} ${rdaddr}\0" \ "mmcrambootz=echo 'Booting zImage kernel from mmc w/ramdisk...'; " \ "run ramargs; " \ "run common_bootargs; " \ "run dump_bootargs; " \ "run loadzimage; " \ "run loadramdisk; " \ - "run loadfdtimage; " \ - "bootz ${loadaddr} ${ramdiskaddr} ${fdtaddr};\0" \ + "run loadfdt; " \ + "bootz ${loadaddr} ${rdaddr} ${fdtaddr};\0" \ "tftpboot=echo 'Booting kernel/ramdisk rootfs from tftp...'; " \ "run ramargs; " \ "run common_bootargs; " \ "run dump_bootargs; " \ "tftpboot ${loadaddr} ${zimage}; " \ - "tftpboot ${ramdiskaddr} ${ramdiskimage}; " \ - "bootm ${loadaddr} ${ramdiskaddr}\0" \ + "tftpboot ${rdaddr} ${ramdiskimage}; " \ + "bootm ${loadaddr} ${rdaddr}\0" \ "tftpbootz=echo 'Booting kernel NFS rootfs...'; " \ "dhcp;" \ "run nfsargs;" \ @@ -228,7 +223,6 @@ "run autoboot" /* Miscellaneous configurable options */ -#define CONFIG_AUTO_COMPLETE /* memtest works on */ #define CONFIG_SYS_MEMTEST_START (OMAP34XX_SDRC_CS0) diff --git a/include/configs/omapl138_lcdk.h b/include/configs/omapl138_lcdk.h index 4418b9b..43da339 100644 --- a/include/configs/omapl138_lcdk.h +++ b/include/configs/omapl138_lcdk.h @@ -315,9 +315,6 @@ #define CONFIG_CMD_UBIFS #endif -#ifdef CONFIG_USE_SPIFLASH -#endif - #if !defined(CONFIG_USE_NAND) && \ !defined(CONFIG_SYS_USE_NOR) && \ !defined(CONFIG_USE_SPIFLASH) diff --git a/include/configs/socfpga_common.h b/include/configs/socfpga_common.h index 7de9d86..6285266 100644 --- a/include/configs/socfpga_common.h +++ b/include/configs/socfpga_common.h @@ -306,7 +306,6 @@ unsigned int cm_get_qspi_controller_clk_hz(void); * 0xFFFF_FF00 ...... End of SRAM */ #define CONFIG_SPL_FRAMEWORK -#define CONFIG_SPL_RAM_DEVICE #define CONFIG_SPL_TEXT_BASE CONFIG_SYS_INIT_RAM_ADDR #define CONFIG_SPL_MAX_SIZE (64 * 1024) diff --git a/include/configs/tegra-common.h b/include/configs/tegra-common.h index 23a0e78..f30fec8 100644 --- a/include/configs/tegra-common.h +++ b/include/configs/tegra-common.h @@ -98,7 +98,6 @@ /* Defines for SPL */ #define CONFIG_SPL_FRAMEWORK -#define CONFIG_SPL_RAM_DEVICE #define CONFIG_SPL_BOARD_INIT #define CONFIG_SPL_NAND_SIMPLE #define CONFIG_SPL_MAX_FOOTPRINT (CONFIG_SYS_TEXT_BASE - \ diff --git a/include/configs/ti_armv7_common.h b/include/configs/ti_armv7_common.h index dbe494a..6a94cd7 100644 --- a/include/configs/ti_armv7_common.h +++ b/include/configs/ti_armv7_common.h @@ -124,8 +124,7 @@ "fit_bootfile=fitImage.itb\0" \ "update_to_fit=setenv loadaddr ${fit_loadaddr}; setenv bootfile ${fit_bootfile}\0" \ "args_fit=setenv bootargs console=${console} \0" \ - "loadfit=run args_fit; bootm ${loadaddr}:kernel@1 " \ - "${loadaddr}:ramdisk@1 ${loadaddr}:${fdtfile};\0" \ + "loadfit=run args_fit; bootm ${loadaddr}#${fdtfile};\0" \ /* * DDR information. If the CONFIG_NR_DRAM_BANKS is not defined, diff --git a/include/configs/xilinx_zynqmp.h b/include/configs/xilinx_zynqmp.h index ea4761c..bb749c5 100644 --- a/include/configs/xilinx_zynqmp.h +++ b/include/configs/xilinx_zynqmp.h @@ -288,7 +288,6 @@ #define CONFIG_SPL_FRAMEWORK #define CONFIG_SPL_BOARD_INIT -#define CONFIG_SPL_RAM_DEVICE /* u-boot is like dtb */ #define CONFIG_SPL_FS_LOAD_ARGS_NAME "u-boot.bin" diff --git a/include/configs/zynq-common.h b/include/configs/zynq-common.h index fd74e80..36dc140 100644 --- a/include/configs/zynq-common.h +++ b/include/configs/zynq-common.h @@ -290,7 +290,6 @@ #define CONFIG_CMD_SPL #define CONFIG_SPL_FRAMEWORK #define CONFIG_SPL_BOARD_INIT -#define CONFIG_SPL_RAM_DEVICE #define CONFIG_SPL_LDSCRIPT "arch/arm/mach-zynq/u-boot-spl.lds" diff --git a/include/image.h b/include/image.h index 0537678..6207d62 100644 --- a/include/image.h +++ b/include/image.h @@ -965,6 +965,7 @@ int fit_set_timestamp(void *fit, int noffset, time_t timestamp); * @fit: Pointer to the FIT format image header * @comment: Comment to add to signature nodes * @require_keys: Mark all keys as 'required' + * @engine_id: Engine to use for signing * * Adds hash values for all component images in the FIT blob. * Hashes are calculated for all component images which have hash subnodes @@ -977,7 +978,8 @@ int fit_set_timestamp(void *fit, int noffset, time_t timestamp); * libfdt error code, on failure */ int fit_add_verification_data(const char *keydir, void *keydest, void *fit, - const char *comment, int require_keys); + const char *comment, int require_keys, + const char *engine_id); int fit_image_verify(const void *fit, int noffset); int fit_config_verify(const void *fit, int conf_noffset); @@ -1057,6 +1059,7 @@ struct image_sign_info { const void *fdt_blob; /* FDT containing public keys */ int required_keynode; /* Node offset of key to use: -1=any */ const char *require_keys; /* Value for 'required' property */ + const char *engine_id; /* Engine to use for signing */ }; #endif /* Allow struct image_region to always be defined for rsa.h */ diff --git a/include/linux/compat.h b/include/linux/compat.h index 533983f..a43e4d6 100644 --- a/include/linux/compat.h +++ b/include/linux/compat.h @@ -15,8 +15,6 @@ struct p_current{ extern struct p_current *current; -#define ndelay(x) udelay((x) < 1000 ? 1 : (x)/1000) - #define dev_dbg(dev, fmt, args...) \ debug(fmt, ##args) #define dev_vdbg(dev, fmt, args...) \ diff --git a/include/linux/delay.h b/include/linux/delay.h new file mode 100644 index 0000000..3dcd435 --- /dev/null +++ b/include/linux/delay.h @@ -0,0 +1,24 @@ +/* + * SPDX-License-Identifier: GPL-2.0+ + */ + +#ifndef _LINUX_DELAY_H +#define _LINUX_DELAY_H + +#include <linux/kernel.h> + +void __udelay(unsigned long usec); +void udelay(unsigned long usec); + +static inline void mdelay(unsigned long msec) +{ + while (msec--) + udelay(1000); +} + +static inline void ndelay(unsigned long nsec) +{ + udelay(DIV_ROUND_UP(nsec, 1000)); +} + +#endif /* defined(_LINUX_DELAY_H) */ diff --git a/include/linux/iopoll.h b/include/linux/iopoll.h new file mode 100644 index 0000000..31c55ae --- /dev/null +++ b/include/linux/iopoll.h @@ -0,0 +1,68 @@ +/* + * Copyright (c) 2012-2014 The Linux Foundation. All rights reserved. + * + * SPDX-License-Identifier: GPL-2.0 + */ + +#ifndef _LINUX_IOPOLL_H +#define _LINUX_IOPOLL_H + +#include <linux/errno.h> +#include <linux/io.h> +#include <time.h> + +/** + * readx_poll_timeout - Periodically poll an address until a condition is met or a timeout occurs + * @op: accessor function (takes @addr as its only argument) + * @addr: Address to poll + * @val: Variable to read the value into + * @cond: Break condition (usually involving @val) + * @timeout_us: Timeout in us, 0 means never timeout + * + * Returns 0 on success and -ETIMEDOUT upon a timeout. In either + * case, the last read value at @addr is stored in @val. + * + * When available, you'll probably want to use one of the specialized + * macros defined below rather than this macro directly. + */ +#define readx_poll_timeout(op, addr, val, cond, timeout_us) \ +({ \ + unsigned long timeout = timer_get_us() + timeout_us; \ + for (;;) { \ + (val) = op(addr); \ + if (cond) \ + break; \ + if (timeout_us && time_after(timer_get_us(), timeout)) { \ + (val) = op(addr); \ + break; \ + } \ + } \ + (cond) ? 0 : -ETIMEDOUT; \ +}) + + +#define readb_poll_timeout(addr, val, cond, timeout_us) \ + readx_poll_timeout(readb, addr, val, cond, timeout_us) + +#define readw_poll_timeout(addr, val, cond, timeout_us) \ + readx_poll_timeout(readw, addr, val, cond, timeout_us) + +#define readl_poll_timeout(addr, val, cond, timeout_us) \ + readx_poll_timeout(readl, addr, val, cond, timeout_us) + +#define readq_poll_timeout(addr, val, cond, timeout_us) \ + readx_poll_timeout(readq, addr, val, cond, timeout_us) + +#define readb_relaxed_poll_timeout(addr, val, cond, timeout_us) \ + readx_poll_timeout(readb_relaxed, addr, val, cond, timeout_us) + +#define readw_relaxed_poll_timeout(addr, val, cond, timeout_us) \ + readx_poll_timeout(readw_relaxed, addr, val, cond, timeout_us) + +#define readl_relaxed_poll_timeout(addr, val, cond, timeout_us) \ + readx_poll_timeout(readl_relaxed, addr, val, cond, timeout_us) + +#define readq_relaxed_poll_timeout(addr, val, cond, timeout_us) \ + readx_poll_timeout(readq_relaxed, addr, val, cond, timeout_us) + +#endif /* _LINUX_IOPOLL_H */ diff --git a/include/linux/typecheck.h b/include/linux/typecheck.h new file mode 100644 index 0000000..eb5b74a --- /dev/null +++ b/include/linux/typecheck.h @@ -0,0 +1,24 @@ +#ifndef TYPECHECK_H_INCLUDED +#define TYPECHECK_H_INCLUDED + +/* + * Check at compile time that something is of a particular type. + * Always evaluates to 1 so you may use it easily in comparisons. + */ +#define typecheck(type,x) \ +({ type __dummy; \ + typeof(x) __dummy2; \ + (void)(&__dummy == &__dummy2); \ + 1; \ +}) + +/* + * Check at compile time that 'function' is a certain type, or is a pointer + * to that type (needs to use typedef for the function type.) + */ +#define typecheck_fn(type,function) \ +({ typeof(type) __tmp = function; \ + (void)__tmp; \ +}) + +#endif /* TYPECHECK_H_INCLUDED */ diff --git a/include/time.h b/include/time.h new file mode 100644 index 0000000..5746ad9 --- /dev/null +++ b/include/time.h @@ -0,0 +1,57 @@ +/* + * SPDX-License-Identifier: GPL-2.0+ + */ + +#ifndef _TIME_H +#define _TIME_H + +#include <linux/typecheck.h> + +unsigned long get_timer(unsigned long base); + +/* + * Return the current value of a monotonically increasing microsecond timer. + * Granularity may be larger than 1us if hardware does not support this. + */ +unsigned long timer_get_us(void); + +/* + * These inlines deal with timer wrapping correctly. You are + * strongly encouraged to use them + * 1. Because people otherwise forget + * 2. Because if the timer wrap changes in future you won't have to + * alter your driver code. + * + * time_after(a,b) returns true if the time a is after time b. + * + * Do this with "<0" and ">=0" to only test the sign of the result. A + * good compiler would generate better code (and a really good compiler + * wouldn't care). Gcc is currently neither. + */ +#define time_after(a,b) \ + (typecheck(unsigned long, a) && \ + typecheck(unsigned long, b) && \ + ((long)((b) - (a)) < 0)) +#define time_before(a,b) time_after(b,a) + +#define time_after_eq(a,b) \ + (typecheck(unsigned long, a) && \ + typecheck(unsigned long, b) && \ + ((long)((a) - (b)) >= 0)) +#define time_before_eq(a,b) time_after_eq(b,a) + +/* + * Calculate whether a is in the range of [b, c]. + */ +#define time_in_range(a,b,c) \ + (time_after_eq(a,b) && \ + time_before_eq(a,c)) + +/* + * Calculate whether a is in the range of [b, c). + */ +#define time_in_range_open(a,b,c) \ + (time_after_eq(a,b) && \ + time_before(a,c)) + +#endif /* _TIME_H */ diff --git a/lib/net_utils.c b/lib/net_utils.c index cfae842..d06be22 100644 --- a/lib/net_utils.c +++ b/lib/net_utils.c @@ -24,6 +24,14 @@ struct in_addr string_to_ip(const char *s) for (addr.s_addr = 0, i = 0; i < 4; ++i) { ulong val = s ? simple_strtoul(s, &e, 10) : 0; + if (val > 255) { + addr.s_addr = 0; + return addr; + } + if (i != 3 && *e != '.') { + addr.s_addr = 0; + return addr; + } addr.s_addr <<= 8; addr.s_addr |= (val & 0xFF); if (s) { diff --git a/lib/rsa/rsa-sign.c b/lib/rsa/rsa-sign.c index 9a09280..8c6637e 100644 --- a/lib/rsa/rsa-sign.c +++ b/lib/rsa/rsa-sign.c @@ -14,6 +14,7 @@ #include <openssl/err.h> #include <openssl/ssl.h> #include <openssl/evp.h> +#include <openssl/engine.h> #if OPENSSL_VERSION_NUMBER >= 0x10000000L #define HAVE_ERR_REMOVE_THREAD_STATE @@ -31,14 +32,14 @@ static int rsa_err(const char *msg) } /** - * rsa_get_pub_key() - read a public key from a .crt file + * rsa_pem_get_pub_key() - read a public key from a .crt file * * @keydir: Directory containins the key * @name Name of key file (will have a .crt extension) * @rsap Returns RSA object, or NULL on failure * @return 0 if ok, -ve on error (in which case *rsap will be set to NULL) */ -static int rsa_get_pub_key(const char *keydir, const char *name, RSA **rsap) +static int rsa_pem_get_pub_key(const char *keydir, const char *name, RSA **rsap) { char path[1024]; EVP_PKEY *key; @@ -96,14 +97,90 @@ err_cert: } /** - * rsa_get_priv_key() - read a private key from a .key file + * rsa_engine_get_pub_key() - read a public key from given engine * - * @keydir: Directory containins the key + * @keydir: Key prefix + * @name Name of key + * @engine Engine to use + * @rsap Returns RSA object, or NULL on failure + * @return 0 if ok, -ve on error (in which case *rsap will be set to NULL) + */ +static int rsa_engine_get_pub_key(const char *keydir, const char *name, + ENGINE *engine, RSA **rsap) +{ + const char *engine_id; + char key_id[1024]; + EVP_PKEY *key; + RSA *rsa; + int ret; + + *rsap = NULL; + + engine_id = ENGINE_get_id(engine); + + if (engine_id && !strcmp(engine_id, "pkcs11")) { + if (keydir) + snprintf(key_id, sizeof(key_id), + "pkcs11:%s;object=%s;type=public", + keydir, name); + else + snprintf(key_id, sizeof(key_id), + "pkcs11:object=%s;type=public", + name); + } else { + fprintf(stderr, "Engine not supported\n"); + return -ENOTSUP; + } + + key = ENGINE_load_public_key(engine, key_id, NULL, NULL); + if (!key) + return rsa_err("Failure loading public key from engine"); + + /* Convert to a RSA_style key. */ + rsa = EVP_PKEY_get1_RSA(key); + if (!rsa) { + rsa_err("Couldn't convert to a RSA style key"); + ret = -EINVAL; + goto err_rsa; + } + + EVP_PKEY_free(key); + *rsap = rsa; + + return 0; + +err_rsa: + EVP_PKEY_free(key); + return ret; +} + +/** + * rsa_get_pub_key() - read a public key + * + * @keydir: Directory containing the key (PEM file) or key prefix (engine) + * @name Name of key file (will have a .crt extension) + * @engine Engine to use + * @rsap Returns RSA object, or NULL on failure + * @return 0 if ok, -ve on error (in which case *rsap will be set to NULL) + */ +static int rsa_get_pub_key(const char *keydir, const char *name, + ENGINE *engine, RSA **rsap) +{ + if (engine) + return rsa_engine_get_pub_key(keydir, name, engine, rsap); + return rsa_pem_get_pub_key(keydir, name, rsap); +} + +/** + * rsa_pem_get_priv_key() - read a private key from a .key file + * + * @keydir: Directory containing the key * @name Name of key file (will have a .key extension) * @rsap Returns RSA object, or NULL on failure * @return 0 if ok, -ve on error (in which case *rsap will be set to NULL) */ -static int rsa_get_priv_key(const char *keydir, const char *name, RSA **rsap) +static int rsa_pem_get_priv_key(const char *keydir, const char *name, + RSA **rsap) { char path[1024]; RSA *rsa; @@ -130,6 +207,81 @@ static int rsa_get_priv_key(const char *keydir, const char *name, RSA **rsap) return 0; } +/** + * rsa_engine_get_priv_key() - read a private key from given engine + * + * @keydir: Key prefix + * @name Name of key + * @engine Engine to use + * @rsap Returns RSA object, or NULL on failure + * @return 0 if ok, -ve on error (in which case *rsap will be set to NULL) + */ +static int rsa_engine_get_priv_key(const char *keydir, const char *name, + ENGINE *engine, RSA **rsap) +{ + const char *engine_id; + char key_id[1024]; + EVP_PKEY *key; + RSA *rsa; + int ret; + + *rsap = NULL; + + engine_id = ENGINE_get_id(engine); + + if (engine_id && !strcmp(engine_id, "pkcs11")) { + if (keydir) + snprintf(key_id, sizeof(key_id), + "pkcs11:%s;object=%s;type=private", + keydir, name); + else + snprintf(key_id, sizeof(key_id), + "pkcs11:object=%s;type=private", + name); + } else { + fprintf(stderr, "Engine not supported\n"); + return -ENOTSUP; + } + + key = ENGINE_load_private_key(engine, key_id, NULL, NULL); + if (!key) + return rsa_err("Failure loading private key from engine"); + + /* Convert to a RSA_style key. */ + rsa = EVP_PKEY_get1_RSA(key); + if (!rsa) { + rsa_err("Couldn't convert to a RSA style key"); + ret = -EINVAL; + goto err_rsa; + } + + EVP_PKEY_free(key); + *rsap = rsa; + + return 0; + +err_rsa: + EVP_PKEY_free(key); + return ret; +} + +/** + * rsa_get_priv_key() - read a private key + * + * @keydir: Directory containing the key (PEM file) or key prefix (engine) + * @name Name of key + * @engine Engine to use for signing + * @rsap Returns RSA object, or NULL on failure + * @return 0 if ok, -ve on error (in which case *rsap will be set to NULL) + */ +static int rsa_get_priv_key(const char *keydir, const char *name, + ENGINE *engine, RSA **rsap) +{ + if (engine) + return rsa_engine_get_priv_key(keydir, name, engine, rsap); + return rsa_pem_get_priv_key(keydir, name, rsap); +} + static int rsa_init(void) { int ret; @@ -148,6 +300,45 @@ static int rsa_init(void) return 0; } +static int rsa_engine_init(const char *engine_id, ENGINE **pe) +{ + ENGINE *e; + int ret; + + ENGINE_load_builtin_engines(); + + e = ENGINE_by_id(engine_id); + if (!e) { + fprintf(stderr, "Engine isn't available\n"); + ret = -1; + goto err_engine_by_id; + } + + if (!ENGINE_init(e)) { + fprintf(stderr, "Couldn't initialize engine\n"); + ret = -1; + goto err_engine_init; + } + + if (!ENGINE_set_default_RSA(e)) { + fprintf(stderr, "Couldn't set engine as default for RSA\n"); + ret = -1; + goto err_set_rsa; + } + + *pe = e; + + return 0; + +err_set_rsa: + ENGINE_finish(e); +err_engine_init: + ENGINE_free(e); +err_engine_by_id: + ENGINE_cleanup(); + return ret; +} + static void rsa_remove(void) { CRYPTO_cleanup_all_ex_data(); @@ -160,6 +351,14 @@ static void rsa_remove(void) EVP_cleanup(); } +static void rsa_engine_remove(ENGINE *e) +{ + if (e) { + ENGINE_finish(e); + ENGINE_free(e); + } +} + static int rsa_sign_with_key(RSA *rsa, struct checksum_algo *checksum_algo, const struct image_region region[], int region_count, uint8_t **sigp, uint *sig_size) @@ -235,13 +434,20 @@ int rsa_sign(struct image_sign_info *info, uint8_t **sigp, uint *sig_len) { RSA *rsa; + ENGINE *e = NULL; int ret; ret = rsa_init(); if (ret) return ret; - ret = rsa_get_priv_key(info->keydir, info->keyname, &rsa); + if (info->engine_id) { + ret = rsa_engine_init(info->engine_id, &e); + if (ret) + goto err_engine; + } + + ret = rsa_get_priv_key(info->keydir, info->keyname, e, &rsa); if (ret) goto err_priv; ret = rsa_sign_with_key(rsa, info->checksum, region, @@ -250,6 +456,8 @@ int rsa_sign(struct image_sign_info *info, goto err_sign; RSA_free(rsa); + if (info->engine_id) + rsa_engine_remove(e); rsa_remove(); return ret; @@ -257,6 +465,9 @@ int rsa_sign(struct image_sign_info *info, err_sign: RSA_free(rsa); err_priv: + if (info->engine_id) + rsa_engine_remove(e); +err_engine: rsa_remove(); return ret; } @@ -446,14 +657,20 @@ int rsa_add_verify_data(struct image_sign_info *info, void *keydest) int ret; int bits; RSA *rsa; + ENGINE *e = NULL; debug("%s: Getting verification data\n", __func__); - ret = rsa_get_pub_key(info->keydir, info->keyname, &rsa); + if (info->engine_id) { + ret = rsa_engine_init(info->engine_id, &e); + if (ret) + return ret; + } + ret = rsa_get_pub_key(info->keydir, info->keyname, e, &rsa); if (ret) - return ret; + goto err_get_pub_key; ret = rsa_get_params(rsa, &exponent, &n0_inv, &modulus, &r_squared); if (ret) - return ret; + goto err_get_params; bits = BN_num_bits(modulus); parent = fdt_subnode_offset(keydest, 0, FIT_SIG_NODENAME); if (parent == -FDT_ERR_NOTFOUND) { @@ -518,7 +735,12 @@ done: BN_free(modulus); BN_free(r_squared); if (ret) - return ret == -FDT_ERR_NOSPACE ? -ENOSPC : -EIO; + ret = ret == -FDT_ERR_NOSPACE ? -ENOSPC : -EIO; +err_get_params: + RSA_free(rsa); +err_get_pub_key: + if (info->engine_id) + rsa_engine_remove(e); - return 0; + return ret; } @@ -154,9 +154,3 @@ void udelay(unsigned long usec) usec -= kv; } while(usec); } - -void mdelay(unsigned long msec) -{ - while (msec--) - udelay(1000); -} diff --git a/scripts/Makefile.lib b/scripts/Makefile.lib index 13c975b..23be324 100644 --- a/scripts/Makefile.lib +++ b/scripts/Makefile.lib @@ -311,7 +311,7 @@ quiet_cmd_dtc = DTC $@ # Bring in any U-Boot-specific include after the '/dts-v1/;' header cmd_dtc = mkdir -p $(dir ${dtc-tmp}) ; \ cat $< $(if $(u_boot_dtsi),\ - | sed 's%^/ {$$%\#include \"$(u_boot_dtsi)\"\n&%') | \ + | sed '/^\/ {$$/{x;s%$$%\#include \"$(u_boot_dtsi)\"%;G;}') | \ $(CPP) $(dtc_cpp_flags) -x assembler-with-cpp -o $(dtc-tmp) - ; \ $(DTC) -O dtb -o $@ -b 0 \ -i $(dir $<) $(DTC_FLAGS) \ @@ -363,19 +363,25 @@ cmd_S_efi= \ $(obj)/%_efi.S: $(obj)/%.efi $(call cmd,S_efi) -$(obj)/%.efi: $(obj)/%.so - $(OBJCOPY) -j .header -j .text -j .sdata -j .data -j .dynamic \ - -j .dynsym -j .rel* -j .rela* -j .reloc \ +quiet_cmd_efi_objcopy = OBJCOPY $@ +cmd_efi_objcopy = $(OBJCOPY) -j .header -j .text -j .sdata -j .data -j \ + .dynamic -j .dynsym -j .rel* -j .rela* -j .reloc \ $(if $(EFI_TARGET),$(EFI_TARGET),-O binary) $^ $@ +$(obj)/%.efi: $(obj)/%.so + $(call cmd,efi_objcopy) + +quiet_cmd_efi_ld = LD $@ +cmd_efi_ld = $(LD) -nostdlib -znocombreloc -T $(EFI_LDS_PATH) -shared \ + -Bsymbolic $^ -o $@ + EFI_LDS_PATH = $(srctree)/arch/$(ARCH)/lib/$(EFI_LDS) $(obj)/helloworld.so: $(EFI_LDS_PATH) $(obj)/helloworld.so: $(obj)/helloworld.o arch/$(ARCH)/lib/$(EFI_CRT0) \ arch/$(ARCH)/lib/$(EFI_RELOC) - $(LD) -nostdlib -znocombreloc -T $(EFI_LDS_PATH) -shared -Bsymbolic \ - $^ -o $@ + $(call cmd,efi_ld) # ACPI # --------------------------------------------------------------------------- diff --git a/tools/fit_image.c b/tools/fit_image.c index efd8a97..4dc8bd8 100644 --- a/tools/fit_image.c +++ b/tools/fit_image.c @@ -59,7 +59,8 @@ static int fit_add_file_data(struct image_tool_params *params, size_t size_inc, if (!ret) { ret = fit_add_verification_data(params->keydir, dest_blob, ptr, params->comment, - params->require_keys); + params->require_keys, + params->engine_id); } if (dest_blob) { diff --git a/tools/image-host.c b/tools/image-host.c index c1a0122..5e4d690 100644 --- a/tools/image-host.c +++ b/tools/image-host.c @@ -149,7 +149,7 @@ static int fit_image_write_sig(void *fit, int noffset, uint8_t *value, static int fit_image_setup_sig(struct image_sign_info *info, const char *keydir, void *fit, const char *image_name, - int noffset, const char *require_keys) + int noffset, const char *require_keys, const char *engine_id) { const char *node_name; char *algo_name; @@ -170,6 +170,7 @@ static int fit_image_setup_sig(struct image_sign_info *info, info->checksum = image_get_checksum_algo(algo_name); info->crypto = image_get_crypto_algo(algo_name); info->require_keys = require_keys; + info->engine_id = engine_id; if (!info->checksum || !info->crypto) { printf("Unsupported signature algorithm (%s) for '%s' signature node in '%s' image node\n", algo_name, node_name, image_name); @@ -194,12 +195,13 @@ static int fit_image_setup_sig(struct image_sign_info *info, * @size: size of data in bytes * @comment: Comment to add to signature nodes * @require_keys: Mark all keys as 'required' + * @engine_id: Engine to use for signing * @return 0 if ok, -1 on error */ static int fit_image_process_sig(const char *keydir, void *keydest, void *fit, const char *image_name, int noffset, const void *data, size_t size, - const char *comment, int require_keys) + const char *comment, int require_keys, const char *engine_id) { struct image_sign_info info; struct image_region region; @@ -209,7 +211,7 @@ static int fit_image_process_sig(const char *keydir, void *keydest, int ret; if (fit_image_setup_sig(&info, keydir, fit, image_name, noffset, - require_keys ? "image" : NULL)) + require_keys ? "image" : NULL, engine_id)) return -1; node_name = fit_get_name(fit, noffset, NULL); @@ -288,11 +290,12 @@ static int fit_image_process_sig(const char *keydir, void *keydest, * @image_noffset: Requested component image node * @comment: Comment to add to signature nodes * @require_keys: Mark all keys as 'required' + * @engine_id: Engine to use for signing * @return: 0 on success, <0 on failure */ int fit_image_add_verification_data(const char *keydir, void *keydest, void *fit, int image_noffset, const char *comment, - int require_keys) + int require_keys, const char *engine_id) { const char *image_name; const void *data; @@ -329,7 +332,7 @@ int fit_image_add_verification_data(const char *keydir, void *keydest, strlen(FIT_SIG_NODENAME))) { ret = fit_image_process_sig(keydir, keydest, fit, image_name, noffset, data, size, - comment, require_keys); + comment, require_keys, engine_id); } if (ret) return ret; @@ -569,7 +572,8 @@ static int fit_config_get_data(void *fit, int conf_noffset, int noffset, static int fit_config_process_sig(const char *keydir, void *keydest, void *fit, const char *conf_name, int conf_noffset, - int noffset, const char *comment, int require_keys) + int noffset, const char *comment, int require_keys, + const char *engine_id) { struct image_sign_info info; const char *node_name; @@ -587,7 +591,7 @@ static int fit_config_process_sig(const char *keydir, void *keydest, return -1; if (fit_image_setup_sig(&info, keydir, fit, conf_name, noffset, - require_keys ? "conf" : NULL)) + require_keys ? "conf" : NULL, engine_id)) return -1; ret = info.crypto->sign(&info, region, region_count, &value, @@ -635,7 +639,7 @@ static int fit_config_process_sig(const char *keydir, void *keydest, static int fit_config_add_verification_data(const char *keydir, void *keydest, void *fit, int conf_noffset, const char *comment, - int require_keys) + int require_keys, const char *engine_id) { const char *conf_name; int noffset; @@ -654,7 +658,7 @@ static int fit_config_add_verification_data(const char *keydir, void *keydest, strlen(FIT_SIG_NODENAME))) { ret = fit_config_process_sig(keydir, keydest, fit, conf_name, conf_noffset, noffset, comment, - require_keys); + require_keys, engine_id); } if (ret) return ret; @@ -664,7 +668,8 @@ static int fit_config_add_verification_data(const char *keydir, void *keydest, } int fit_add_verification_data(const char *keydir, void *keydest, void *fit, - const char *comment, int require_keys) + const char *comment, int require_keys, + const char *engine_id) { int images_noffset, confs_noffset; int noffset; @@ -687,7 +692,7 @@ int fit_add_verification_data(const char *keydir, void *keydest, void *fit, * i.e. component image node. */ ret = fit_image_add_verification_data(keydir, keydest, - fit, noffset, comment, require_keys); + fit, noffset, comment, require_keys, engine_id); if (ret) return ret; } @@ -710,7 +715,8 @@ int fit_add_verification_data(const char *keydir, void *keydest, void *fit, noffset = fdt_next_subnode(fit, noffset)) { ret = fit_config_add_verification_data(keydir, keydest, fit, noffset, comment, - require_keys); + require_keys, + engine_id); if (ret) return ret; } diff --git a/tools/imagetool.h b/tools/imagetool.h index 15c2a0c..a8d5054 100644 --- a/tools/imagetool.h +++ b/tools/imagetool.h @@ -76,6 +76,7 @@ struct image_tool_params { bool external_data; /* Store data outside the FIT */ bool quiet; /* Don't output text in normal operation */ unsigned int external_offset; /* Add padding to external data */ + const char *engine_id; /* Engine to use for signing */ }; /* diff --git a/tools/mkimage.c b/tools/mkimage.c index f48135f..b0c98f6 100644 --- a/tools/mkimage.c +++ b/tools/mkimage.c @@ -98,14 +98,15 @@ static void usage(const char *msg) " -i => input filename for ramdisk file\n"); #ifdef CONFIG_FIT_SIGNATURE fprintf(stderr, - "Signing / verified boot options: [-E] [-k keydir] [-K dtb] [ -c <comment>] [-p addr] [-r]\n" + "Signing / verified boot options: [-E] [-k keydir] [-K dtb] [ -c <comment>] [-p addr] [-r] [-N engine]\n" " -E => place data outside of the FIT structure\n" " -k => set directory containing private keys\n" " -K => write public keys to this .dtb file\n" " -c => add comment in signature node\n" " -F => re-sign existing FIT image\n" " -p => place external data at a static position\n" - " -r => mark keys used as 'required' in dtb\n"); + " -r => mark keys used as 'required' in dtb\n" + " -N => engine to use for signing (pkcs11)\n"); #else fprintf(stderr, "Signing / verified boot not supported (CONFIG_FIT_SIGNATURE undefined)\n"); @@ -143,7 +144,7 @@ static void process_args(int argc, char **argv) int opt; while ((opt = getopt(argc, argv, - "a:A:b:c:C:d:D:e:Ef:Fk:i:K:ln:p:O:rR:qsT:vVx")) != -1) { + "a:A:b:c:C:d:D:e:Ef:Fk:i:K:ln:N:p:O:rR:qsT:vVx")) != -1) { switch (opt) { case 'a': params.addr = strtoull(optarg, &ptr, 16); @@ -224,6 +225,9 @@ static void process_args(int argc, char **argv) case 'n': params.imagename = optarg; break; + case 'N': + params.engine_id = optarg; + break; case 'O': params.os = genimg_get_os_id(optarg); if (params.os < 0) { |