diff options
author | Philippe Reynes <philippe.reynes@softathome.com> | 2019-12-18 18:25:42 +0100 |
---|---|---|
committer | Tom Rini <trini@konsulko.com> | 2020-01-17 10:16:29 -0500 |
commit | 4df3578119b043d76b86b50077b06898fc2a4f62 (patch) | |
tree | 08667edb96f6a8efde767b10fabceafb746e3af7 /include/image.h | |
parent | 7298e422504ef4455160216b9b7a1baa1169283f (diff) |
u-boot: fit: add support to decrypt fit with aes
This commit add to u-boot the support to decrypt
fit image encrypted with aes. The FIT image contains
the key name and the IV name. Then u-boot look for
the key and IV in his device tree and decrypt images
before moving to the next stage.
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Diffstat (limited to 'include/image.h')
-rw-r--r-- | include/image.h | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/include/image.h b/include/image.h index bb8abe566f..86ebaae4fe 100644 --- a/include/image.h +++ b/include/image.h @@ -1023,6 +1023,8 @@ int fit_image_get_data_offset(const void *fit, int noffset, int *data_offset); int fit_image_get_data_position(const void *fit, int noffset, int *data_position); int fit_image_get_data_size(const void *fit, int noffset, int *data_size); +int fit_image_get_data_size_unciphered(const void *fit, int noffset, + size_t *data_size); int fit_image_get_data_and_size(const void *fit, int noffset, const void **data, size_t *size); @@ -1066,6 +1068,7 @@ int fit_image_verify_with_data(const void *fit, int image_noffset, int fit_image_verify(const void *fit, int noffset); int fit_config_verify(const void *fit, int conf_noffset); int fit_all_image_verify(const void *fit); +int fit_config_decrypt(const void *fit, int conf_noffset); int fit_image_check_os(const void *fit, int noffset, uint8_t os); int fit_image_check_arch(const void *fit, int noffset, uint8_t arch); int fit_image_check_type(const void *fit, int noffset, uint8_t type); @@ -1293,6 +1296,11 @@ int fit_image_verify_required_sigs(const void *fit, int image_noffset, int fit_image_check_sig(const void *fit, int noffset, const void *data, size_t size, int required_keynode, char **err_msgp); +int fit_image_decrypt_data(const void *fit, + int image_noffset, int cipher_noffset, + const void *data, size_t size, + void **data_unciphered, size_t *size_unciphered); + /** * fit_region_make_list() - Make a list of regions to hash * @@ -1367,6 +1375,10 @@ struct cipher_algo { int (*add_cipher_data)(struct image_cipher_info *info, void *keydest); + + int (*decrypt)(struct image_cipher_info *info, + const void *cipher, size_t cipher_len, + void **data, size_t *data_len); }; int fit_image_cipher_get_algo(const void *fit, int noffset, char **algo); |