summaryrefslogtreecommitdiff
path: root/include/image.h
AgeCommit message (Collapse)Author
2019-01-01tools: add i.MX8M image supportPeng Fan
i.MX8M bootable image type is like i.MX6/7, but there is signed HDMI firmware image in front of A53 bootable image, which is also has an IVT header. Here we also include fit image to generate a bootable image. Signed-off-by: Peng Fan <peng.fan@nxp.com> Signed-off-by: Stefano Babic <sbabic@denx.de>
2018-12-03rsa: add support of padding pssPhilippe Reynes
We add the support of the padding pss for rsa signature. This new padding is often recommended instead of pkcs-1.5. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
2018-12-03rsa: add a structure for the paddingPhilippe Reynes
The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
2018-11-28tools: MediaTek: add MTK boot header generation to mkimageRyder Lee
This patch adds support for MTK boot image generation. Signed-off-by: Weijie Gao <weijie.gao@mediatek.com> Signed-off-by: Ryder Lee <ryder.lee@mediatek.com> Reviewed-by: Simon Glass <sjg@chromium.org>
2018-10-22tools: add i.MX8/8X image supportPeng Fan
i.MX8/8X bootable image type is container type. The bootable image, containers a container set which supports two container. The 1st container is for SECO firmware, the 2nd container needs to include scfw, m4_0/1 image, ACore images per your requirement. Signed-off-by: Peng Fan <peng.fan@nxp.com>
2018-07-10mkimage: fit_image: Add support for SOURCE_DATE_EPOCH in signaturesAlex Kiernan
When generating timestamps in signatures, use imagetool_get_source_date() so we can be overridden by SOURCE_DATE_EPOCH to generate reproducible images. Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com> Reviewed-by: Simon Glass <sjg@chromum.org>
2018-06-19ARM: image: Add option for ignoring ep bit 3Marek Vasut
Add option to the booti_setup() which indicates to it that the caller requires the image to be relocated to the beginning of the RAM and that the information whether the image can be located anywhere in RAM at 2 MiB aligned boundary or not is to be ignored. This is useful ie. in case the Image is wrapped in another envelope, ie. fitImage and not relocating it but moving it would corrupt the envelope. Signed-off-by: Marek Vasut <marek.vasut+renesas@gmail.com> Cc: Bin Chen <bin.chen@linaro.org> Cc: Masahiro Yamada <yamada.masahiro@socionext.com> Cc: Tom Rini <trini@konsulko.com> Reviewed-By: Bin Chen <bin.chen@linaro.org>
2018-05-26add FIT data-position & data-offset property supportKelvin Cheung
Add FIT data-position & data-offset property support for bootm, which were already supported in SPL. Signed-off-by: Kelvin Cheung <keguang.zhang@gmail.com>
2018-05-23fit: Add standalone image type handlingMarek Vasut
Just add IH_TYPE_STANDALONE to fit_get_image_type_property(). Signed-off-by: Marek Vasut <marex@denx.de> Cc: Pantelis Antoniou <pantelis.antoniou@konsulko.com> Cc: Simon Glass <sjg@chromium.org> Reviewed-by: Simon Glass <sjg@chromium.org>
2018-05-23FIT: Make fit_conf_print() be a static functionTom Rini
We only call fit_conf_print from one place in the code, so mark it as static and move it up to where we call it. This in turn has us move a few other already static functions up further as well. Signed-off-by: Tom Rini <trini@konsulko.com>
2018-05-11Merge tag 'xilinx-for-v2018.07' of git://www.denx.de/git/u-boot-microblazeTom Rini
Xilinx changes for v2018.07 microblaze: - Align defconfig zynq: - Rework fpga initialization and cpuinfo handling zynqmp: - Add ZynqMP R5 support - Wire and enable watchdog on zcu100-revC - Setup MMU map for DDR at run time - Show board info based on DT and cleanup IDENT_STRING zynqmp tools: - Add read partition support - Add initial support for Xilinx bif format for boot.bin generation mmc: - Fix get_timer usage on 64bit cpus - Add support for SD3.0 UHS mode nand-zynq: - Add support for 16bit buswidth - Use address cycles from onfi params scsi: - convert ceva sata to UCLASS_AHCI timer: - Add Cadence TTC for ZynqMP r5 watchdog: - Minor cadence driver cleanup
2018-05-11tools: zynqmpimage: Add bif supportAlexander Graf
The officially described way to generate boot.bin files for ZynqMP is to describe the contents of the target binary using a file of the "bif" format. This file then links to other files that all get packed into a bootable image. This patch adds support to read such a .bif file and generate a respective ZynqMP boot.bin file that can include the normal image and pmu files, but also supports image partitions now. This makes it a handy replacement for the proprietary "bootgen" utility that is currently used to generate boot.bin files with FSBL. Signed-off-by: Alexander Graf <agraf@suse.de> Signed-off-by: Michal Simek <michal.simek@xilinx.com>
2018-05-08image: socfpga: Add SFP image version 1 definitionMarek Vasut
Add support for the SoCFPGA header v1, which is used on Arria 10. The layout of the v0 and v1 header is similar, yet there are a few differences which make it incompatible with previous v0 header, so add a new entry. Signed-off-by: Marek Vasut <marex@denx.de> Cc: Dinh Nguyen <dinguyen@kernel.org> Cc: Chin Liang See <chin.liang.see@intel.com>
2018-05-07SPDX: Convert all of our single license tags to Linux Kernel styleTom Rini
When U-Boot started using SPDX tags we were among the early adopters and there weren't a lot of other examples to borrow from. So we picked the area of the file that usually had a full license text and replaced it with an appropriate SPDX-License-Identifier: entry. Since then, the Linux Kernel has adopted SPDX tags and they place it as the very first line in a file (except where shebangs are used, then it's second line) and with slightly different comment styles than us. In part due to community overlap, in part due to better tag visibility and in part for other minor reasons, switch over to that style. This commit changes all instances where we have a single declared license in the tag as both the before and after are identical in tag contents. There's also a few places where I found we did not have a tag and have introduced one. Signed-off-by: Tom Rini <trini@konsulko.com>
2018-04-06image: fit: Show firmware configuration property if presentMichal Simek
SPL ATF support requires to have firmware property which should be also listed by mkimage -l when images is created. The patch is also using this macro in spl_fit to match keyword. When image is created: Default Configuration: 'config' Configuration 0 (config) Description: ATF with full u-boot Kernel: unavailable Firmware: atf FDT: dtb Signed-off-by: Michal Simek <michal.simek@xilinx.com> Reviewed-by: Simon Glass <sjg@chromium.org> Reviewed-by: Jun Nie <jun.nie@linaro.org> Reviewed-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
2018-04-01image.h: add forward declaration of struct fdt_regionMasahiro Yamada
This header needs to know 'fdt_region' is a struct for the fit_region_make_list() prototype. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> Reviewed-by: Simon Glass <sjg@chromium.org>
2018-03-19image: Add IH_OS_TEE for TEE chain-load bootBryan O'Donoghue
This patch adds a new type IH_OS_TEE. This new OS type will be used for chain-loading to Linux via a TEE. With this patch in-place you can generate a bootable OPTEE image like this: mkimage -A arm -T kernel -O tee -C none -d tee.bin uTee.optee where "tee.bin" is the input binary prefixed with an OPTEE header and uTee.optee is the output prefixed with a u-boot wrapper header. This image type "-T kernel -O tee" is differentiated from the existing IH_TYPE_TEE "-T tee" in that the IH_TYPE is installed by u-boot (flow control returns to u-boot) whereas for the new IH_OS_TEE control passes to the OPTEE firmware and the firmware chainloads onto Linux. Andrew Davis gave the following ASCII diagram: IH_OS_TEE: (mkimage -T kernel -O tee) Non-Secure Secure BootROM | ------------- | v SPL | v U-Boot ------> <----- OP-TEE | V Linux IH_TYPE_TEE: (mkimage -T tee) Non-Secure Secure BootROM | ------------- | v SPL -------> <----- OP-TEE | v U-Boot | V Linux Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org> Suggested-by: Andrew F. Davis <afd@ti.com> Cc: Harinarayan Bhatta <harinarayan@ti.com> Cc: Andrew F. Davis <afd@ti.com> Cc: Tom Rini <trini@konsulko.com> Cc: Kever Yang <kever.yang@rock-chips.com> Cc: Philipp Tomsich <philipp.tomsich@theobroma-systems.com> Cc: Peng Fan <peng.fan@nxp.com> Link: http://mrvan.github.io/optee-imx6ul
2018-03-19tools/mkimage: add support for STM32 image formatPatrick Delaunay
STM32MP157 bootrom needs a specific header for first boot stage. This patch adds support of this header in mkimage. Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
2018-03-19SPL: Add signature verification when loading imageJun Nie
U-boot proper signature is not verified by SPL on most platforms even config SPL_FIT_SIGNATURE is enabled. Only fsl-layerscape platform support secure boot in platform specific code. So verified boot cannot be achieved if u-boot proper is loaded by SPL. This patch add signature verification to u-boot proper images when loading FIT image in SPL. It is tested on Allwinner bananapi zero board with H2+ SoC. Signed-off-by: Jun Nie <jun.nie@linaro.org>
2018-03-05libfdt: move headers to <linux/libfdt.h> and <linux/libfdt_env.h>Masahiro Yamada
Thomas reported U-Boot failed to build host tools if libfdt-devel package is installed because tools include libfdt headers from /usr/include/ instead of using internal ones. This commit moves the header code: include/libfdt.h -> include/linux/libfdt.h include/libfdt_env.h -> include/linux/libfdt_env.h and replaces include directives: #include <libfdt.h> -> #include <linux/libfdt.h> #include <libfdt_env.h> -> #include <linux/libfdt_env.h> Reported-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
2018-02-07move booti_setup to arch/arm/lig/image.cBin Chen
Follow bootz's pattern by moving the booti_setup to arch/arm/lib. This allows to use booti_setup in other paths, e.g booting an Android image containing Image format. Note that kernel relocation is move out of booti_setup and it is the caller's responsibility to do it and allows them do it differently. say, cmd/booti.c just do a manually, while in the bootm path, we can use bootm_load_os(with some changes). Signed-off-by: Bin Chen <bin.chen@linaro.org> Reviewed-by: Tom Rini <trini@konsulko.com>
2018-02-07parse the second area of android imageBin Chen
The second area of android image was intended to put a 2nd stage bootloader but in practice were rarely used (in my knowledge). An proposal was made to the AOSP to (re)use the second area as the dtb[1], This patch itself doesn't depend on that proposal being accepted but it won't be that helpful as well if that proposal won't be accepted. But don't do any harm as well. [1] https://android-review.googlesource.com/#/c/417447/ Signed-off-by: Bin Chen <bin.chen@linaro.org> Reviewed-by: Tom Rini <trini@konsulko.com> Reviewed-by: Kever Yang <kever.yang@rock-chips.com>
2018-01-15fix incorrect usage of DT node unit address in commentsAndre Przywara
The DT spec demands a unit-address in a node name to match the "reg" property in that node. Newer dtc versions will throw warnings if this is not the case. Fix all occurences in the tree where node names were mentioned in comments, to not give bad examples to the reader. Signed-off-by: Andre Przywara <andre.przywara@arm.com>
2018-01-12riscv: Modify generic codes to support RISC-VRick Chen
Support common commands bdinfo and image format, also modify common generic flow for RISC-V. Signed-off-by: Rick Chen <rick@andestech.com> Signed-off-by: Rick Chen <rickchen36@gmail.com> Signed-off-by: Greentime Hu <green.hu@gmail.com> Reviewed-by: Tom Rini <trini@konsulko.com>
2017-12-12SPL: Add FIT data-position property supportPeng Fan
For external data, FIT has a optional property "data-position" which can set the external data to a fixed offset to FIT beginning. Add the support for this property in SPL FIT. Signed-off-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org> Reviewed-by: Tomas Melin <tomas.melin@vaisala.com> Cc: Pantelis Antoniou <pantelis.antoniou@konsulko.com> Cc: "Andrew F. Davis" <afd@ti.com> Cc: Igor Grinberg <grinberg@compulab.co.il> Cc: "tomas.melin@vaisala.com" <tomas.melin@vaisala.com> Cc: Kever Yang <kever.yang@rock-chips.com> Cc: Andre Przywara <andre.przywara@arm.com> Cc: York Sun <york.sun@nxp.com> Cc: Lokesh Vutla <lokeshvutla@ti.com> Cc: "Cooper Jr., Franklin" <fcooper@ti.com> Cc: George McCollister <george.mccollister@gmail.com> Cc: Tuomas Tynkkynen <tuomas.tynkkynen@iki.fi> Cc: Jean-Jacques Hiblot <jjhiblot@ti.com> Cc: Rick Altherr <raltherr@google.com> Cc: Tom Rini <trini@konsulko.com> Reviewed-by: Lokesh Vutla <lokeshvutla@ti.com> Reviewed-by: York Sun <york.sun@nxp.com>
2017-11-26image: add IH_OS_ARM_TRUSTED_FIRMWARE for ARM Trusted FirmwarePhilipp Tomsich
To boot on ARMv8 systems with ARM Trusted Firmware, we need to assemble an ATF-specific parameter structure and also provide the address of the images started by ATF (e.g. BL3-3, which may be the full U-Boot). To allow us to identify an ARM Trusted Firmware contained in a FIT image, this adds the necessary definitions. Signed-off-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com> Reviewed-by: Simon Glass <sjg@chromium.org>
2017-10-16common: Remove genimg_get_image()Tuomas Tynkkynen
Removal of the legacy DataFlash code turned genimg_get_image() into a no-op. Drop all calls to it and the function itself. Signed-off-by: Tuomas Tynkkynen <tuomas.tynkkynen@iki.fi>
2017-10-05fit: If no matching config is found in fit_find_config_node(), use the ↵Jean-Jacques Hiblot
default one If board_fit_config_name_match() doesn't match any configuration node, then use the default one (if provided). Signed-off-by: Jean-Jacques Hiblot <jjhiblot@ti.com> Reviewed-by: Tom Rini <trini@konsulko.com> Reviewed-by: Simon Glass <sjg@chromium.org>
2017-09-15fit: Introduce methods for applying overlays on fit-loadPantelis Antoniou
Introduce an overlay based method for constructing a base DT blob to pass to the kernel. It is based on a specific method now to get the FDT from a FIT image named boot_get_fdt_fit(). Signed-off-by: Pantelis Antoniou <pantelis.antoniou@konsulko.com> Acked-by: Simon Glass <sjg@chromium.org>
2017-09-12image: Add TI PMMC image typeAndrew F. Davis
Add a new image type representing TI Power Management Micro-Controller (PMMC) Firmware image type. Signed-off-by: Andrew F. Davis <afd@ti.com>
2017-08-16env: Rename some other getenv()-related functionsSimon Glass
We are now using an env_ prefix for environment functions. Rename these other functions as well, for consistency: getenv_vlan() getenv_bootm_size() getenv_bootm_low() getenv_bootm_mapsize() env_get_default() Suggested-by: Wolfgang Denk <wd@denx.de> Signed-off-by: Simon Glass <sjg@chromium.org>
2017-08-16env: Rename getenv/_f() to env_get()Simon Glass
We are now using an env_ prefix for environment functions. Rename these two functions for consistency. Also add function comments in common.h. Quite a few places use getenv() in a condition context, provoking a warning from checkpatch. These are fixed up in this patch also. Suggested-by: Wolfgang Denk <wd@denx.de> Signed-off-by: Simon Glass <sjg@chromium.org>
2017-07-10boot_fit: Create helper functions that can be used to select DTB out of FITCooper Jr., Franklin
Some platforms may append a FIT image to the U-boot image. This function aids in parsing the FIT image and selecting the correct DTB at runtime. Signed-off-by: Franklin S Cooper Jr <fcooper@ti.com> Reviewed-by: Tom Rini <trini@konsulko.com>
2017-07-10spl: fit: Break out some functions into a common fileCooper Jr., Franklin
Some of the functions within spl_fit will be used for non spl purposes. Instead of duplicating functions simply break the functions to be reused into its own file. Signed-off-by: Franklin S Cooper Jr <fcooper@ti.com> Reviewed-by: Tom Rini <trini@konsulko.com> Reviewed-by: Simon Glass <sjg@chromium.org> [trini: Only add the new define to image.h, otherwise we see breakage due to massive include leakage into host tools in some cases] Signed-off-by: Tom Rini <trini@konsulko.com>
2017-06-09armv8: Support loading 32-bit OS which is not in the form of FITAlison Wang
As only FIT image is supported now, this patch is to support loading 32-bit uImage, dtb and rootfs separately. Signed-off-by: Alison Wang <alison.wang@nxp.com> Reviewed-by: Tom Rini <trini@konsulko.com>
2017-05-22lib: move hash CONFIG options to KconfigTom Rini
Commit 94e3c8c4fd7b ("crypto/fsl - Add progressive hashing support using hardware acceleration.") created entries for CONFIG_SHA1, CONFIG_SHA256, CONFIG_SHA_HW_ACCEL, and CONFIG_SHA_PROG_HW_ACCEL. However, no defconfig has migrated to it. Complete the move by first adding additional logic to various Kconfig files to select this when required and then use the moveconfig tool. In many cases we can select these because they are required to implement other drivers. We also correct how we include the various hashing algorithms in SPL. This commit was generated as follows (after Kconfig additions): [1] tools/moveconfig.py -y SHA1 SHA256 SHA_HW_ACCEL [2] tools/moveconfig.py -y SHA_PROG_HW_ACCEL Note: We cannot move SHA_HW_ACCEL and SHA_PROG_HW_ACCEL simultaneously because there is dependency between them. Cc: Poonam Aggrwal <poonam.aggrwal@freescale.com> Cc: Naveen Burmi <NaveenBurmi@freescale.com> Cc: Po Liu <po.liu@freescale.com> Cc: Shengzhou Liu <Shengzhou.Liu@freescale.com> Cc: Priyanka Jain <Priyanka.Jain@freescale.com> Cc: Shaohui Xie <Shaohui.Xie@freescale.com> Cc: Chunhe Lan <Chunhe.Lan@freescale.com> Cc: Chander Kashyap <k.chander@samsung.com> Cc: Steve Rae <steve.rae@raedomain.com> Cc: Dirk Eibach <eibach@gdsys.de> Cc: Feng Li <feng.li_2@nxp.com> Cc: Alison Wang <alison.wang@freescale.com> Cc: Sumit Garg <sumit.garg@nxp.com> Cc: Mingkai Hu <Mingkai.Hu@freescale.com> Cc: York Sun <york.sun@nxp.com> Cc: Prabhakar Kushwaha <prabhakar.kushwaha@nxp.com> Cc: Jaehoon Chung <jh80.chung@samsung.com> Cc: Akshay Saraswat <akshay.s@samsung.com> Cc: Heiko Schocher <hs@denx.de> Cc: Jagan Teki <jagan@amarulasolutions.com> Signed-off-by: Tom Rini <trini@konsulko.com> Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
2017-05-22FIT: Rename FIT_DISABLE_SHA256 to FIT_ENABLE_SHA256_SUPPORTTom Rini
We rename CONFIG_FIT_DISABLE_SHA256 to CONFIG_FIT_ENABLE_SHA256_SUPPORT which is enabled by default and now a positive option. Convert the handful of boards that were disabling it before to save space. Cc: Dirk Eibach <eibach@gdsys.de> Cc: Lukasz Dalek <luk0104@gmail.com> Signed-off-by: Tom Rini <trini@konsulko.com> Reviewed-by: Simon Glass <sjg@chromium.org> Reviewed-by: Simon Glass <sjg@chromium.org>
2017-04-08image: Fixes build warning with CONFIG_FIT_IMAGE_POST_PROCESSMadan Srinivas
The function 'board_fit_image_post_process' is defined only when the config option CONFIG_FIT_IMAGE_POST_PROCESS is enabled. For secure systems that do not use SPL but do use FIT kernel images, only CONFIG_FIT_IMAGE_POST_PROCESS will be defined, which will result in an implicit declaration of function 'board_fit_image_post_process' warning while building u-boot. Fix this warning. Signed-off-by: Madan Srinivas <madans@ti.com> Signed-off-by: Andrew F. Davis <afd@ti.com> Reviewed-by: Tom Rini <trini@konsulko.com> Reviewed-by: Lokesh Vutla <lokeshvutla@ti.com>
2017-03-17Kconfig: define MD5 dependency for FIT supportAndre Przywara
FIT images require MD5 support to verify image checksums. So far this was expressed by defining a CPP symbol in image.h. Since MD5 is now a first class Kconfig citizen, express that in Kconfig instead. Signed-off-by: Andre Przywara <andre.przywara@arm.com> Reviewed-by: Simon Glass <sjg@chromium.org>
2017-01-20bootm: relocate ramdisk if CONFIG_SYS_BOOT_RAMDISK_HIGH setRick Altherr
In 35fc84f, bootm was refactored so plain 'bootm' and 'bootm <subcommand>' shared a common implementation. The 'bootm ramdisk' command implementation is now part of the common implementation but not invoke by plain 'bootm' since the original implementation never did ramdisk relocation. Instead, ramdisk relocation happened in image_setup_linux() which is typically called during the OS portion of 'bootm'. On ARM, parameters to the Linux kernel can either be passed by FDT or ATAGS. When using FDT, image_setup_linux() is called which also triggers ramdisk relocation. When using ATAGS, image_setup_linux() is _not_ called because it mostly does FDT setup. Instead of calling image_setup_linux() in both FDT and ATAGS cases, include BOOTM_STATE_RAMDISK in the requested states during a plain 'bootm' if CONFIG_SYS_BOOT_RAMDISK_HIGH is set and remove the ramdisk relocation from image_setup_linux(). This causes ramdisk relocation to happen on any system where CONFIG_SYS_BOOT_RAMDISK_HIGH regardless of the OS being booted. Also remove IMAGE_ENABLE_RAMDISK_HIGH as it was only used by the now-removed code from image_setup_linux(). Signed-off-by: Rick Altherr <raltherr@google.com> Reviewed-by: Simon Glass <sjg@chromium.org> Reviewed-by: Joel Stanley <joel@jms.id.au>
2017-01-16Merge branch 'master' of git://git.denx.de/u-boot-videoTom Rini
2017-01-14mkimage: Add support for signing with pkcs11George McCollister
Add support for signing with the pkcs11 engine. This allows FIT images to be signed with keys securely stored on a smartcard, hardware security module, etc without exposing the keys. Support for other engines can be added in the future by modifying rsa_engine_get_pub_key() and rsa_engine_get_priv_key() to construct correct key_id strings. Signed-off-by: George McCollister <george.mccollister@gmail.com>
2017-01-13splash: add support for loading splash from a FIT imagetomas.melin@vaisala.com
Enable support for loading a splash image from within a FIT image. The image is assumed to be generated with mkimage -E flag to hold the data external to the FIT. Signed-off-by: Tomas Melin <tomas.melin@vaisala.com> Acked-by: Igor Grinberg <grinberg@compulab.co.il>
2017-01-02tools: mkimage: add firmware-ivt image type for HAB verificationSven Ebenfeld
When we want to use Secure Boot with HAB from SPL over U-Boot.img, we need to append the IVT to the image and leave space for the CSF. Images generated as firmware_ivt can directly be signed using the Freescale code signing tool. For creation of a CSF, mkimage outputs the correct HAB Blocks for the image. The changes to the usual firmware image class are quite small, that is why I implemented that directly into the default_image. Cc: sbabic@denx.de v2-Changes: None Signed-off-by: Sven Ebenfeld <sven.ebenfeld@gmail.com> Reviewed-by: George McCollister <george.mccollister@gmail.com> Tested-by: George McCollister <george.mccollister@gmail.com>
2016-12-03image: Add Trusted Execution Environment image typeAndrew F. Davis
Add a new image type representing Trusted Execution Environment (TEE) image types. For example, an OP-TEE OS binary image. Signed-off-by: Andrew F. Davis <afd@ti.com> Reviewed-by: Simon Glass <sjg@chromium.org>
2016-12-03image: Add FIT image loadable section custom processingAndrew F. Davis
To help automate the loading of custom image types we add the ability to define custom handlers for the loadable section types. When we find a compatible type while loading a "loadable" image from a FIT image we run its associated handlers to perform any additional steps needed for loading this image. Signed-off-by: Andrew F. Davis <afd@ti.com> Reviewed-by: Simon Glass <sjg@chromium.org>
2016-11-21image: Combine image_sig_algo with image_sign_infoAndrew Duda
Remove the need to explicitly add SHA/RSA pairings. Invalid SHA/RSA pairings will still fail on verify operations when the hash length is longer than the key length. Follow the same naming scheme "checksum,crytpo" without explicitly defining the string. Indirectly adds support for "sha1,rsa4096" signing/verification. Signed-off-by: Andrew Duda <aduda@meraki.com> Signed-off-by: aduda <aduda@meraki.com> Reviewed-by: Simon Glass <sjg@chromium.org>
2016-11-21image: Add crypto_algo struct for RSA infoAndrew Duda
Cut down on the repetition of algorithm information by defining separate checksum and crypto structs. image_sig_algos are now simply pairs of unique checksum and crypto algos. Signed-off-by: Andrew Duda <aduda@meraki.com> Signed-off-by: aduda <aduda@meraki.com> Reviewed-by: Simon Glass <sjg@chromium.org>
2016-11-21rsa: Verify RSA padding programaticallyAndrew Duda
Padding verification was done against static SHA/RSA pair arrays which take up a lot of static memory, are mostly 0xff, and cannot be reused for additional SHA/RSA pairings. The padding can be easily computed according to PKCS#1v2.1 as: EM = 0x00 || 0x01 || PS || 0x00 || T where PS is (emLen - tLen - 3) octets of 0xff and T is DER encoding of the hash. Store DER prefix in checksum_algo and create rsa_verify_padding function to handle verification of a message for any SHA/RSA pairing. Signed-off-by: Andrew Duda <aduda@meraki.com> Signed-off-by: aduda <aduda@meraki.com> Reviewed-by: Simon Glass <sjg@chromium.org>
2016-11-21rsa: cosmetic: rename pad_len to key_lenAndrew Duda
checksum_algo's pad_len field isn't actually used to store the length of the padding but the total length of the RSA key (msg_len + pad_len) Signed-off-by: Andrew Duda <aduda@meraki.com> Signed-off-by: aduda <aduda@meraki.com> Reviewed-by: Simon Glass <sjg@chromium.org>