summaryrefslogtreecommitdiff
path: root/include/image.h
Commit message (Collapse)AuthorAgeLines
* fit: make sha256 support optionalDirk Eibach2014-07-07-0/+5
| | | | | | | sha256 has some beefy memory footprint. Make it optional for constrained systems. Signed-off-by: Dirk Eibach <dirk.eibach@gdsys.cc>
* includes: move openssl headers to include/u-bootJeroen Hofstee2014-06-19-1/+1
| | | | | | | | | | | | commit 18b06652cd "tools: include u-boot version of sha256.h" unconditionally forced the sha256.h from u-boot to be used for tools instead of the host version. This is fragile though as it will also include the host version. Therefore move it to include/u-boot to join u-boot/md5.h etc which were renamed for the same reason. cc: Simon Glass <sjg@chromium.org> Signed-off-by: Jeroen Hofstee <jeroen@myspectrum.nl>
* Enhance fit_check_sign to check all imagesSimon Glass2014-06-19-1/+4
| | | | | | | | | At present this tool only checks the configuration signing. Have it also look at each of the images in the configuration and confirm that they verify. Signed-off-by: Simon Glass <sjg@chromium.org> Acked-by: Heiko Schocher <hs@denx.de> (v1)
* image: Remove the fit_load_image() property parameterSimon Glass2014-06-19-2/+3
| | | | | | | This can be obtained by looking up the image type, so is redundant. It is better to centralise this lookup to avoid errors. Signed-off-by: Simon Glass <sjg@chromium.org>
* Prevent a buffer overflow in mkimage when signing with SHA256Michael van der Westhuizen2014-06-05-1/+2
| | | | | | | | | | | | | Due to the FIT_MAX_HASH_LEN constant not having been updated to support SHA256 signatures one will always see a buffer overflow in fit_image_process_hash when signing images that use this larger hash. This is exposed by vboot_test.sh. Signed-off-by: Michael van der Westhuizen <michael@smart-africa.com> Acked-by: Simon Glass <sjg@chromium.org> [trini: Rework a bit so move the exportable parts of hash.h outside of !USE_HOSTCC and only need that as a new include to image.h] Signed-off-by: Tom Rini <trini@ti.com>
* bootm: make use of legacy image format configurableHeiko Schocher2014-06-05-0/+2
| | | | | | | | | | | | | | | | | | | | make the use of legacy image format configurable through the config define CONFIG_IMAGE_FORMAT_LEGACY. When relying on signed FIT images with required signature check the legacy image format should be disabled. Therefore introduce this new define and enable legacy image format if CONFIG_FIT_SIGNATURE is not set. If CONFIG_FIT_SIGNATURE is set disable per default the legacy image format. Signed-off-by: Heiko Schocher <hs@denx.de> Cc: Simon Glass <sjg@chromium.org> Cc: Lars Steubesand <lars.steubesand@philips.com> Cc: Mike Pearce <mike@kaew.be> Cc: Wolfgang Denk <wd@denx.de> Cc: Tom Rini <trini@ti.com> Cc: Michal Simek <monstr@monstr.eu> Acked-by: Simon Glass <sjg@chromium.org>
* mkimage: add atmelimageAndreas Bießmann2014-05-27-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The new atmelimage converts a machine code BLOB to bootable ROM image. Atmel ROM has no sophisticated image format, it only checks the first 7 ARM vectors. The vectors can contain valid B or LDR opcodes, the 6'th vector contains the image size to load. Additionally the PMECC header can be written by the atmelimage target. The parameters must be given via the -n switch as a coma separated list. For example: mkimage -T atmelimage \ -n usePmecc=1,sectorPerPage=4,sectorSize=512,spareSize=64,eccBits=4,eccOffset=36 \ -d spl/u-boot-spl.bin boot.bin A provided image can be checked for correct header setup. It prints out the PMECC header parameters if it has one and the 6'th interrupt vector content. ---8<--- Image Type: ATMEL ROM-Boot Image with PMECC Header PMECC header ==================== eccOffset: 36 sectorSize: 512 eccBitReq: 4 spareSize: 64 nbSectorPerPage: 4 usePmecc: 1 ==================== 6'th vector has 17044 set --->8--- A SPL binary modified with the atmelimage mkimage target was succesfully booted on a sama5d34ek via MMC and NAND. Signed-off-by: Andreas Bießmann <andreas.devel@googlemail.com> Cc: Bo Shen <voice.shen@atmel.com> Cc: Heiko Schocher <hs@denx.de> Tested-by: Bo Shen <voice.shen@atmel.com>
* Merge branch 'master' of git://git.denx.de/u-boot-usbTom Rini2014-05-22-0/+13
|\
| * image: add support for Android's boot image formatSebastian Siewior2014-05-08-0/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch adds support for the Android boot-image format. The header file is from the Android project and got slightly alterted so the struct + its defines are not generic but have something like a namespace. The header file is from bootloader/legacy/include/boot/bootimg.h. The header parsing has been written from scratch and I looked at bootloader/legacy/usbloader/usbloader.c for some details. The image contains the physical address (load address) of the kernel and ramdisk. This address is considered only for the kernel image. The "second image" defined in the image header is currently not supported. I haven't found anything that is creating this. v3 (Rob Herring): This is based on http://patchwork.ozlabs.org/patch/126797/ with the following changes: - Rebased to current mainline - Moved android image handling to separate functions in common/image-android.c - s/u8/char/ in header to fix string function warnings - Use SPDX identifiers for licenses - Cleaned-up file source information: android_image.h is from file include/boot/bootimg.h in repository: https://android.googlesource.com/platform/bootable/bootloader/legacy The git commit hash is 4205b865141ff2e255fe1d3bd16de18e217ef06a usbloader.c would be from the same commit, but it does not appear to have been used for any actual code. v4: - s/andriod/android/ - Use a separate flag ep_found to track if the entry point has been set rather than using a magic value. Cc: Wolfgang Denk <wd@denx.de> Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de> Signed-off-by: Rob Herring <robh@kernel.org> Reviewed-by: Tom Rini <trini@ti.com> Reviewed-by: Lukasz Majewski <l.majewski@samsung.com>
* | Merge branch 'u-boot/master'Albert ARIBAUD2014-05-09-2/+36
|\ \ | |/ | | | | | | | | | | Conflicts: drivers/net/Makefile (trivial merge)
| * tools, fit_check_sign: verify a signed fit imageHeiko Schocher2014-03-21-7/+10
| | | | | | | | | | | | | | | | add host tool "fit_check_sign" which verifies, if a fit image is signed correct. Signed-off-by: Heiko Schocher <hs@denx.de> Cc: Simon Glass <sjg@chromium.org>
| * rsa: add sha256,rsa4096 algorithmHeiko Schocher2014-03-21-0/+1
| | | | | | | | | | | | | | | | Add support for sha256,rsa4096 signatures in u-boot. Signed-off-by: Heiko Schocher <hs@denx.de> Acked-by: Simon Glass <sjg@chromium.org> Cc: andreas@oetken.name
| * rsa: add sha256-rsa2048 algorithmHeiko Schocher2014-03-21-0/+21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | based on patch from andreas@oetken.name: http://patchwork.ozlabs.org/patch/294318/ commit message: I currently need support for rsa-sha256 signatures in u-boot and found out that the code for signatures is not very generic. Thus adding of different hash-algorithms for rsa-signatures is not easy to do without copy-pasting the rsa-code. I attached a patch for how I think it could be better and included support for rsa-sha256. This is a fast first shot. aditionally work: - removed checkpatch warnings - removed compiler warnings - rebased against current head Signed-off-by: Heiko Schocher <hs@denx.de> Cc: andreas@oetken.name Cc: Simon Glass <sjg@chromium.org>
| * fit: add sha256 supportHeiko Schocher2014-03-21-0/+9
| | | | | | | | | | | | | | add sha256 support to fit images Signed-off-by: Heiko Schocher <hs@denx.de> Acked-by: Simon Glass <sjg@chromium.org>
* | tools: mkimage: add support for gpimage formatKaricheri, Muralidharan2014-04-17-0/+1
|/ | | | | | | | | | | This patch add support for gpimage format as a preparatory patch for porting u-boot for keystone2 devices and is based on omapimage format. It re-uses gph header to store the size and loadaddr as done in omapimage.c Signed-off-by: Vitaly Andrianov <vitalya@ti.com> Signed-off-by: Murali Karicheri <m-karicheri2@ti.com> Acked-by: Tom Rini <trini@ti.com>
* fdt: rename IMAAGE_OF_BOARD_SETUP to IMAGE_OF_BOARD_SETUPMasahiro Yamada2014-02-19-2/+2
| | | | | Signed-off-by: Masahiro Yamada <yamada.m@jp.panasonic.com> Acked-by: Simon Glass <sjg@chromium.org>
* arc: bdinfo, image and arc-specific init functions declarations supportAlexey Brodkin2014-02-07-0/+1
| | | | | | | | | Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com> Cc: Vineet Gupta <vgupta@synopsys.com> Cc: Francois Bedard <fbedard@synopsys.com> Cc: Wolfgang Denk <wd@denx.de> Cc: Heiko Schocher <hs@denx.de>
* arm64: core supportDavid Feng2014-01-09-0/+1
| | | | | | | Relocation code based on a patch by Scott Wood, which is: Signed-off-by: Scott Wood <scottwood@freescale.com> Signed-off-by: David Feng <fenghua@phytium.com.cn>
* ARM: mxs: tools: Add mkimage support for MXS bootstreamMarek Vasut2013-08-31-0/+1
| | | | | | | | | | | | | | | | | | | | | | | Add mkimage support for generating and verifying MXS bootstream. The implementation here is mostly a glue code between MXSSB v0.4 and mkimage, but the long-term goal is to rectify this and merge MXSSB with mkimage more tightly. Once this code is properly in U-Boot, MXSSB shall be deprecated in favor of mkimage-mxsimage support. Note that the mxsimage generator needs libcrypto from OpenSSL, I therefore enabled the libcrypto/libssl unconditionally. MXSSB: http://git.denx.de/?p=mxssb.git;a=summary The code is based on research presented at: http://www.rockbox.org/wiki/SbFileFormat Signed-off-by: Marek Vasut <marex@denx.de> Cc: Tom Rini <trini@ti.com> Cc: Fabio Estevam <fabio.estevam@freescale.com> Cc: Stefano Babic <sbabic@denx.de> Cc: Otavio Salvador <otavio@ossystems.com.br>
* Add GPL-2.0+ SPDX-License-Identifier to source filesWolfgang Denk2013-07-24-18/+1
| | | | | | Signed-off-by: Wolfgang Denk <wd@denx.de> [trini: Fixup common/cmd_io.c] Signed-off-by: Tom Rini <trini@ti.com>
* bootm: Use selected configuration for ramdisk and fdtSimon Glass2013-07-12-3/+4
| | | | | | | | | | | | | | | If a specific configuraion is selected by the bootm command, e.g. with 'bootm 84000000#recoveryconf' we must honour this for not just the kernel, but also the ramdisk and FDT. In the conversion to using a common fit_image_load() function for loading images from FITs (commits a51ec63 and 53f375f) this feature was lost. Reinstate it by passing the selected configuration back from fit_image_load() to boot_get_kernel(), then use this configuration (which is stored in images->fit_uname_cfg) in both boot_get_ramdisk() and boot_get_fdt(). Signed-off-by: Simon Glass <sjg@chromium.org>
* bootm: Clean up bootz_setup() functionSimon Glass2013-07-10-0/+11
| | | | | | | | | This function has no prototype in the headers and passes void * around, thus requiring several casts. Tidy this up. - Add new patch to clean up bootz_setup() function Signed-off-by: Simon Glass <sjg@chromium.org>
* mkimage: Build signing only if board has CONFIG_FIT_SIGNATURESimon Glass2013-06-28-3/+0
| | | | | | | | | | | | | | | | At present mkimage is set up to always build with image signing support. This means that the SSL libraries (e.g. libssl-dev) are always required. Adjust things so that mkimage can be built with and without image signing, controlled by the presence of CONFIG_FIT_SIGNATURE in the board config file. If CONFIG_FIT_SIGNATURE is not enabled, then mkimage will report a warning that signing is not supported. If the option is enabled, but libraries are not available, then a build error similar to this will be shown: lib/rsa/rsa-sign.c:26:25: fatal error: openssl/rsa.h: No such file or directory Signed-off-by: Simon Glass <sjg@chromium.org>
* image: Add support for signing of FIT configurationsSimon Glass2013-06-26-0/+16
| | | | | | | | | | | | | | | | While signing images is useful, it does not provide complete protection against several types of attack. For example, it it possible to create a FIT with the same signed images, but with the configuration changed such that a different one is selected (mix and match attack). It is also possible to substitute a signed image from an older FIT version into a newer FIT (roll-back attack). Add support for signing of FIT configurations using the libfdt's region support. Please see doc/uImage.FIT/signature.txt for more information. Signed-off-by: Simon Glass <sjg@chromium.org>
* image: Support signing of imagesSimon Glass2013-06-26-4/+55
| | | | | | | | Add support for signing images using a new signature node. The process is handled by fdt_add_verification_data() which now takes parameters to provide the keys and related information. Signed-off-by: Simon Glass <sjg@chromium.org>
* image: Add signing infrastructureSimon Glass2013-06-26-2/+88
| | | | | | | Add a structure to describe an algorithm which can sign and (later) verify images. Signed-off-by: Simon Glass <sjg@chromium.org>
* Add a 'fake' go command to the bootm commandSimon Glass2013-06-26-1/+2
| | | | | | | | | | | | | | For tracing it is useful to run as much of U-Boot as possible so as to get a complete picture. Quite a bit of work happens in bootm, and we don't want to have to stop tracing before bootm starts. Add a way of doing a 'fake' boot of the OS - which does everything up to the point where U-Boot is about to jump to the OS image. This allows tracing to record right until the end. This requires arch support to work. Signed-off-by: Simon Glass <sjg@chromium.org>
* Refactor the bootm command to reduce code duplicationSimon Glass2013-06-26-7/+9
| | | | | | | | | | | | | | | | At present the bootm code is mostly duplicated for the plain 'bootm' command and its sub-command variant. This makes the code harder to maintain and means that changes must be made to several places. Introduce do_bootm_states() which performs selected portions of the bootm work, so that both plain 'bootm' and 'bootm <sub_command>' can use the same code. Additional duplication exists in bootz, so tidy that up as well. This is not intended to change behaviour, apart from minor fixes where the previously-duplicated code missed some chunks of code. Signed-off-by: Simon Glass <sjg@chromium.org>
* image: Use fit_image_load() to load kernelSimon Glass2013-06-04-1/+0
| | | | | | | Use the new common code to load a kernel. The functionality should not change. Signed-off-by: Simon Glass <sjg@chromium.org>
* image: Use fit_image_load() to load FDTSimon Glass2013-06-04-3/+3
| | | | | | | | Use the new common code to load a flat device tree. Also fix up a few casts so that this code works with sandbox. Other than that the functionality should not change. Signed-off-by: Simon Glass <sjg@chromium.org>
* image: Use fit_image_load() to load ramdiskSimon Glass2013-06-04-1/+0
| | | | | | | Use the new common code to load a ramdisk. The functionality should not change. Signed-off-by: Simon Glass <sjg@chromium.org>
* image: Introduce fit_image_load() to load images from FITsSimon Glass2013-06-04-2/+95
| | | | | | | | | | | At present code to load an image from a FIT is duplicated in the three places where it is needed (kernel, fdt, ramdisk). The differences between these different code copies is fairly minor. Create a new function in the fit code which can handle any of the requirements of those cases. Signed-off-by: Simon Glass <sjg@chromium.org>
* image: Add device tree setup to image librarySimon Glass2013-05-14-9/+52
| | | | | | | | | | | This seems to be a common function for several architectures, so create a common function rather than duplicating the code in each arch. Also make an attempt to avoid introducing #ifdefs in the new code, partly by removing useless #ifdefs around function declarations in the image.h header. Signed-off-by: Simon Glass <sjg@chromium.org>
* image: Add CONFIG_FIT_SPL_PRINT to control FIT image printing in SPLSimon Glass2013-05-14-2/+31
| | | | | | | | This code is very large, and in SPL it isn't always useful to print out image information (in fact there might not even be a console active). So disable this feature unless this option is set. Signed-off-by: Simon Glass <sjg@chromium.org>
* image: Remove remaining #ifdefs in image-fit.cSimon Glass2013-05-14-0/+2
| | | | | | | There are only two left. One is unnecessary and the other can be moved to the header file. Signed-off-by: Simon Glass <sjg@chromium.org>
* sandbox: image: Add support for booting images in sandboxSimon Glass2013-05-14-1/+1
| | | | | | | | | | | | | | | | | Much of the image code uses addresses as ulongs and pointers interchangeably, casting between the two forms as needed. This doesn't work with sandbox, which has a U-Boot RAM buffer which is separate from the host machine's memory. Adjust the cost so that translating from a U-Boot address to a pointer uses map_sysmem(). This allows bootm to work correctly on sandbox. Note that there are no exhaustive tests for this code on sandbox, so it is possible that some dark corners remain. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Marek Vasut <marex@denx.de> (v1)
* image: Rename hash printing to fit_image_print_verification_data()Simon Glass2013-05-14-1/+0
| | | | | | | | This function will be used to print signatures as well as hashes, so rename it. Also make it static since it is not used outside this file. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Marek Vasut <marex@denx.de>
* image: Rename fit_add_hashes() to fit_add_verification_data()Simon Glass2013-05-14-2/+8
| | | | | | | | | We intend to add signatures to FITs also, so rename this function so that it is not specific to hashing. Also rename fit_image_set_hashes() and make it static since it is not used outside this file. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Marek Vasut <marex@denx.de>
* image: Export fit_conf_get_prop_node()Simon Glass2013-05-14-0/+14
| | | | | | | This function will be needed by signature checking code, so export it, and also add docs. Signed-off-by: Simon Glass <sjg@chromium.org>
* image: Move hash checking into its own functionSimon Glass2013-05-14-3/+5
| | | | | | | | The existing function is long and most of the code is indented a long way. Before adding yet more code, split this out into its own function. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Marek Vasut <marex@denx.de> (v1)
* image: Rename fit_image_check_hashes() to fit_image_verify()Simon Glass2013-05-14-2/+2
| | | | | | | | | This is the main entry point to the FIT image verification code. We will be using it to handle image verification with signatures, so rename the function. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Marek Vasut <marex@denx.de>
* image: Convert fit_image_hash_set_value() to static, and renameSimon Glass2013-05-14-2/+0
| | | | | | | | | This function doesn't need to be exported, and with verification we want to use it for setting the 'value' property in any node, so rename it. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Marek Vasut <marex@denx.de>
* image: Move HOSTCC image code to tools/Simon Glass2013-05-14-0/+3
| | | | | | | | This code is never compiled into U-Boot, so move it into a separate file in tools/ to avoid the large #ifdef. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Marek Vasut <marex@denx.de>
* image: Export fit_check_ramdisk()Simon Glass2013-05-14-0/+3
| | | | | | | | One we split out the FIT code from image.c we will need this function. Export it in the header. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Marek Vasut <marex@denx.de>
* image: Move timestamp #ifdefs to header fileSimon Glass2013-05-14-0/+8
| | | | | | | | | | | | | | | Rather than repeat the line #if defined(CONFIG_TIMESTAMP) || defined(CONFIG_CMD_DATE) || \ defined(USE_HOSTCC) everywhere, put this in a header file and #define IMAGE_ENABLE_TIMESTAMP to either 1 or 0. Then we can use a plain if() in most code and avoid the #ifdefs. The compiler's dead code elimination ensures that the result is the same. Signed-off-by: Simon Glass <sjg@chromium.org> Acked-by: Marek Vasut <marex@denx.de>
* image: Add support for Plan 9Steven Stallion2013-03-27-0/+1
| | | | | | Signed-off-by: Steven Stallion <sstallion@gmail.com> Cc: Tom Rini <trini@ti.com> Reviewed-by: Tom Rini <trini@ti.com>
* treewide: include libfdt_env.h before fdt.hKim Phillips2013-02-07-1/+0
| | | | | | | | | | | and, if including libfdt.h which includes libfdt_env.h in the correct order, don't include fdt.h before libfdt.h. this is needed to get the fdt type definitions set from the project environment before fdt.h uses them. Signed-off-by: Kim Phillips <kim.phillips@freescale.com> Cc: Jerry Van Baren <gvb.uboot@gmail.com>
* Merge branch 'u-boot-imx/master' into 'u-boot-arm/master'Albert ARIBAUD2013-01-08-0/+3
|\
| * tools: imximage: Load a size that is multiple of 512Fabio Estevam2013-01-05-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In order to mx53 ROM to properly load the U-boot image, its header size should be multiple of 512 bytes. This issue was observed with gcc 4.6.2/4.7.3, which caused data aborts: U-Boot 2013.01-rc2-00172-gf8cfcf1-dirty (Dec 26 2012 - 13:13:28) Board: MX53 LOCO I2C: ready DRAM: 1 GiB MMC: FSL_SDHC: 0, FSL_SDHC: 1 In: serial Out: serial Err: serial CPU: Freescale i.MX53 family rev2.1 at 1000 MHz Reset cause: WDOG Net: FEC Warning: FEC using MAC address from net device Hit any key to stop autoboot: 0 data abort MAYBE you should read doc/README.arm-unaligned-accesses pc : [<aff72220>] lr : [<aff721fc>] sp : af565e20 ip : af566918 fp : 00000000 r10: 00000003 r9 : affabb5b r8 : af565f58 r7 : 00000000 r6 : 36747fff r5 : af5668e8 r4 : 36747fff r3 : af5668ec r2 : af5668eb r1 : 00000000 r0 : af5668e8 Flags: NzcV IRQs off FIQs off Mode SVC_32 Resetting CPU ... resetting ... ,and this patch fixes it. Also, even though the ROUND macro is already defined in common.h, the reason for redefining it in image.h is explained by Stefano Babic: "I will remark a previous comment - even if including common.h seems a good idea to avoid duplications, it makes tools like mkimage to depend on the selected board, because <board>_config must run. Even if this is not a problem for us u-boot developers, it becomes an issue when these tools are included in distros (like u-boot-tools in Ubuntu) and cannot be packaged." Signed-off-by: Troy Kisky <troy.kisky@boundarydevices.com> Signed-off-by: Fabio Estevam <fabio.estevam@freescale.com>
* | env: Use getenv_yesno() more generallyJoe Hershberger2012-12-13-1/+0
|/ | | | | | | Move the getenv_yesno() to env_common.c and change most checks for 'y' or 'n' to use this helper. Signed-off-by: Joe Hershberger <joe.hershberger@ni.com>