summaryrefslogtreecommitdiffstats
path: root/tools
diff options
context:
space:
mode:
authorAlbert ARIBAUD <albert.u.boot@aribaud.net>2014-05-09 10:47:05 +0200
committerAlbert ARIBAUD <albert.u.boot@aribaud.net>2014-05-09 11:50:14 +0200
commitd2a3e911390f9fc4d8c0ee4b3c7fc75f4fd3fd19 (patch)
treed71aae6d706d1f3b01da5f944e247abe308feea0 /tools
parent7904b70885f3c589c239f6ac978f299a6744557f (diff)
parent173d294b94cfec10063a5be40934d6d8fb7981ce (diff)
downloadu-boot-d2a3e911390f9fc4d8c0ee4b3c7fc75f4fd3fd19.tar.gz
u-boot-d2a3e911390f9fc4d8c0ee4b3c7fc75f4fd3fd19.tar.xz
u-boot-d2a3e911390f9fc4d8c0ee4b3c7fc75f4fd3fd19.zip
Merge branch 'u-boot/master'
Conflicts: drivers/net/Makefile (trivial merge)
Diffstat (limited to 'tools')
-rw-r--r--tools/.gitignore2
-rw-r--r--tools/Makefile14
-rwxr-xr-xtools/buildman/buildman.py3
-rw-r--r--tools/buildman/control.py2
-rw-r--r--tools/env/Makefile2
-rw-r--r--tools/env/fw_env.c129
-rw-r--r--tools/env/fw_env_main.c17
-rw-r--r--tools/fdt_host.h2
-rw-r--r--tools/fdtdec.c1
-rw-r--r--tools/fit_check_sign.c85
-rw-r--r--tools/fit_common.c86
-rw-r--r--tools/fit_common.h22
-rw-r--r--tools/fit_image.c62
-rw-r--r--tools/fit_info.c96
-rw-r--r--tools/image-host.c17
-rw-r--r--tools/rsa-checksum.c1
-rw-r--r--tools/rsa-verify.c1
-rw-r--r--tools/sha256.c1
18 files changed, 473 insertions, 70 deletions
diff --git a/tools/.gitignore b/tools/.gitignore
index 2a90dfe83a..b1e997fc3e 100644
--- a/tools/.gitignore
+++ b/tools/.gitignore
@@ -1,5 +1,7 @@
/bmp_logo
/envcrc
+/fit_check_sign
+/fit_info
/gen_eth_addr
/img2srec
/kwboot
diff --git a/tools/Makefile b/tools/Makefile
index 911ad43590..6e43a0150d 100644
--- a/tools/Makefile
+++ b/tools/Makefile
@@ -40,7 +40,6 @@ CONFIG_BUILD_ENVCRC ?= $(ENVCRC-y)
# TODO: CONFIG_CMD_LICENSE does not work
hostprogs-$(CONFIG_CMD_LICENSE) += bin2header$(SFX)
-
hostprogs-$(CONFIG_LCD_LOGO) += bmp_logo$(SFX)
hostprogs-$(CONFIG_VIDEO_LOGO) += bmp_logo$(SFX)
HOSTCFLAGS_bmp_logo$(SFX).o := -pedantic
@@ -61,17 +60,20 @@ hostprogs-y += mkenvimage$(SFX)
mkenvimage$(SFX)-objs := crc32.o mkenvimage.o os_support.o
hostprogs-y += dumpimage$(SFX) mkimage$(SFX)
+hostprogs-$(CONFIG_FIT_SIGNATURE) += fit_info$(SFX) fit_check_sign$(SFX)
FIT_SIG_OBJS-$(CONFIG_FIT_SIGNATURE) := image-sig.o
# Flattened device tree objects
LIBFDT_OBJS := fdt.o fdt_ro.o fdt_rw.o fdt_strerror.o fdt_wip.o
-RSA_OBJS-$(CONFIG_FIT_SIGNATURE) := rsa-sign.o
+RSA_OBJS-$(CONFIG_FIT_SIGNATURE) := rsa-sign.o rsa-verify.o rsa-checksum.o
# common objs for dumpimage and mkimage
dumpimage-mkimage-objs := aisimage.o \
$(FIT_SIG_OBJS-y) \
crc32.o \
default_image.o \
+ fdtdec.o \
+ fit_common.o \
fit_image.o \
gpimage.o \
gpimage-common.o \
@@ -87,12 +89,15 @@ dumpimage-mkimage-objs := aisimage.o \
os_support.o \
pblimage.o \
sha1.o \
+ sha256.o \
ublimage.o \
$(LIBFDT_OBJS) \
$(RSA_OBJS-y)
dumpimage$(SFX)-objs := $(dumpimage-mkimage-objs) dumpimage.o
mkimage$(SFX)-objs := $(dumpimage-mkimage-objs) mkimage.o
+fit_info$(SFX)-objs := $(dumpimage-mkimage-objs) fit_info.o
+fit_check_sign$(SFX)-objs := $(dumpimage-mkimage-objs) fit_check_sign.o
# TODO(sjg@chromium.org): Is this correct on Mac OS?
@@ -100,6 +105,8 @@ mkimage$(SFX)-objs := $(dumpimage-mkimage-objs) mkimage.o
ifneq ($(CONFIG_MX23)$(CONFIG_MX28),)
HOSTLOADLIBES_dumpimage$(SFX) := -lssl -lcrypto
HOSTLOADLIBES_mkimage$(SFX) := -lssl -lcrypto
+HOSTLOADLIBES_fit_info$(SFX) := -lssl -lcrypto
+HOSTLOADLIBES_fit_check_sign$(SFX) := -lssl -lcrypto
# Add CONFIG_MXS into host CFLAGS, so we can check whether or not register
# the mxsimage support within tools/mxsimage.c .
HOSTCFLAGS_mxsimage.o += -DCONFIG_MXS
@@ -108,6 +115,8 @@ endif
ifdef CONFIG_FIT_SIGNATURE
HOSTLOADLIBES_dumpimage$(SFX) := -lssl -lcrypto
HOSTLOADLIBES_mkimage$(SFX) := -lssl -lcrypto
+HOSTLOADLIBES_fit_info$(SFX) := -lssl -lcrypto
+HOSTLOADLIBES_fit_check_sign$(SFX) := -lssl -lcrypto
# This affects include/image.h, but including the board config file
# is tricky, so manually define this options here.
@@ -139,6 +148,7 @@ hostprogs-$(CONFIG_STATIC_RELA) += relocate-rela$(SFX)
HOSTCFLAGS_crc32.o := -pedantic
HOSTCFLAGS_md5.o := -pedantic
HOSTCFLAGS_sha1.o := -pedantic
+HOSTCFLAGS_sha256.o := -pedantic
# Don't build by default
#hostprogs-$(CONFIG_PPC) += mpc86x_clk$(SFX)
diff --git a/tools/buildman/buildman.py b/tools/buildman/buildman.py
index 8822efefa5..73a5483d46 100755
--- a/tools/buildman/buildman.py
+++ b/tools/buildman/buildman.py
@@ -101,6 +101,9 @@ parser.add_option('-T', '--threads', type='int',
default=None, help='Number of builder threads to use')
parser.add_option('-u', '--show_unknown', action='store_true',
default=False, help='Show boards with unknown build result')
+parser.add_option('-o', '--output-dir', type='string',
+ dest='output_dir', default='..',
+ help='Directory where all builds happen and buildman has its workspace (default is ../)')
parser.usage = """buildman -b <branch> [options]
diff --git a/tools/buildman/control.py b/tools/buildman/control.py
index 8e6a08f78e..d2f4102ba7 100644
--- a/tools/buildman/control.py
+++ b/tools/buildman/control.py
@@ -145,7 +145,7 @@ def DoBuildman(options, args):
options.step = len(series.commits) - 1
# Create a new builder with the selected options
- output_dir = os.path.join('..', options.branch)
+ output_dir = os.path.join(options.output_dir, options.branch)
builder = Builder(toolchains, output_dir, options.git_dir,
options.threads, options.jobs, checkout=True,
show_unknown=options.show_unknown, step=options.step)
diff --git a/tools/env/Makefile b/tools/env/Makefile
index fcb752ddb4..f5368bc4d0 100644
--- a/tools/env/Makefile
+++ b/tools/env/Makefile
@@ -25,7 +25,7 @@ hostprogs-y := fw_printenv_unstripped
fw_printenv_unstripped-objs := fw_env.o fw_env_main.o \
crc32.o ctype.o linux_string.o \
- env_attr.o env_flags.o
+ env_attr.o env_flags.o aes.o
quiet_cmd_strip = STRIP $@
cmd_strip = $(STRIP) -o $@ $<
diff --git a/tools/env/fw_env.c b/tools/env/fw_env.c
index f5cd521491..30d5b037f0 100644
--- a/tools/env/fw_env.c
+++ b/tools/env/fw_env.c
@@ -31,6 +31,10 @@
#include "fw_env.h"
+#include <aes.h>
+
+#define DIV_ROUND_UP(n, d) (((n) + (d) - 1) / (d))
+
#define WHITESPACE(c) ((c == '\t') || (c == ' '))
#define min(x, y) ({ \
@@ -98,6 +102,11 @@ static struct environment environment = {
.flag_scheme = FLAG_NONE,
};
+/* Is AES encryption used? */
+static int aes_flag;
+static uint8_t aes_key[AES_KEY_LENGTH] = { 0 };
+static int env_aes_cbc_crypt(char *data, const int enc);
+
static int HaveRedundEnv = 0;
static unsigned char active_flag = 1;
@@ -120,6 +129,10 @@ static inline ulong getenvsize (void)
if (HaveRedundEnv)
rc -= sizeof (char);
+
+ if (aes_flag)
+ rc &= ~(AES_KEY_LENGTH - 1);
+
return rc;
}
@@ -191,6 +204,36 @@ char *fw_getdefenv(char *name)
return NULL;
}
+static int parse_aes_key(char *key)
+{
+ char tmp[5] = { '0', 'x', 0, 0, 0 };
+ unsigned long ul;
+ int i;
+
+ if (strnlen(key, 64) != 32) {
+ fprintf(stderr,
+ "## Error: '-a' option requires 16-byte AES key\n");
+ return -1;
+ }
+
+ for (i = 0; i < 16; i++) {
+ tmp[2] = key[0];
+ tmp[3] = key[1];
+ errno = 0;
+ ul = strtoul(tmp, NULL, 16);
+ if (errno) {
+ fprintf(stderr,
+ "## Error: '-a' option requires valid AES key\n");
+ return -1;
+ }
+ aes_key[i] = ul & 0xff;
+ key += 2;
+ }
+ aes_flag = 1;
+
+ return 0;
+}
+
/*
* Print the current definition of one, or more, or all
* environment variables
@@ -201,6 +244,19 @@ int fw_printenv (int argc, char *argv[])
int i, n_flag;
int rc = 0;
+ if (argc >= 2 && strcmp(argv[1], "-a") == 0) {
+ if (argc < 3) {
+ fprintf(stderr,
+ "## Error: '-a' option requires AES key\n");
+ return -1;
+ }
+ rc = parse_aes_key(argv[2]);
+ if (rc)
+ return rc;
+ argv += 2;
+ argc -= 2;
+ }
+
if (fw_env_open())
return -1;
@@ -266,6 +322,16 @@ int fw_printenv (int argc, char *argv[])
int fw_env_close(void)
{
+ int ret;
+ if (aes_flag) {
+ ret = env_aes_cbc_crypt(environment.data, 1);
+ if (ret) {
+ fprintf(stderr,
+ "Error: can't encrypt env for flash\n");
+ return ret;
+ }
+ }
+
/*
* Update CRC
*/
@@ -413,7 +479,7 @@ int fw_env_write(char *name, char *value)
*/
int fw_setenv(int argc, char *argv[])
{
- int i;
+ int i, rc;
size_t len;
char *name;
char *value = NULL;
@@ -423,6 +489,24 @@ int fw_setenv(int argc, char *argv[])
return -1;
}
+ if (strcmp(argv[1], "-a") == 0) {
+ if (argc < 3) {
+ fprintf(stderr,
+ "## Error: '-a' option requires AES key\n");
+ return -1;
+ }
+ rc = parse_aes_key(argv[2]);
+ if (rc)
+ return rc;
+ argv += 2;
+ argc -= 2;
+ }
+
+ if (argc < 2) {
+ errno = EINVAL;
+ return -1;
+ }
+
if (fw_env_open()) {
fprintf(stderr, "Error: environment not initialized\n");
return -1;
@@ -900,6 +984,28 @@ static int flash_flag_obsolete (int dev, int fd, off_t offset)
return rc;
}
+/* Encrypt or decrypt the environment before writing or reading it. */
+static int env_aes_cbc_crypt(char *payload, const int enc)
+{
+ uint8_t *data = (uint8_t *)payload;
+ const int len = getenvsize();
+ uint8_t key_exp[AES_EXPAND_KEY_LENGTH];
+ uint32_t aes_blocks;
+
+ /* First we expand the key. */
+ aes_expand_key(aes_key, key_exp);
+
+ /* Calculate the number of AES blocks to encrypt. */
+ aes_blocks = DIV_ROUND_UP(len, AES_KEY_LENGTH);
+
+ if (enc)
+ aes_cbc_encrypt_blocks(key_exp, data, data, aes_blocks);
+ else
+ aes_cbc_decrypt_blocks(key_exp, data, data, aes_blocks);
+
+ return 0;
+}
+
static int flash_write (int fd_current, int fd_target, int dev_target)
{
int rc;
@@ -923,6 +1029,7 @@ static int flash_write (int fd_current, int fd_target, int dev_target)
fprintf(stderr, "Writing new environment at 0x%lx on %s\n",
DEVOFFSET (dev_target), DEVNAME (dev_target));
#endif
+
rc = flash_write_buf(dev_target, fd_target, environment.image,
CUR_ENVSIZE, DEVOFFSET(dev_target),
DEVTYPE(dev_target));
@@ -981,8 +1088,10 @@ static int flash_read (int fd)
rc = flash_read_buf(dev_current, fd, environment.image, CUR_ENVSIZE,
DEVOFFSET (dev_current), mtdinfo.type);
+ if (rc != CUR_ENVSIZE)
+ return -1;
- return (rc != CUR_ENVSIZE) ? -1 : 0;
+ return 0;
}
static int flash_io (int mode)
@@ -1075,6 +1184,8 @@ int fw_env_open(void)
unsigned char flag1;
void *addr1;
+ int ret;
+
struct env_image_single *single;
struct env_image_redundant *redundant;
@@ -1109,6 +1220,13 @@ int fw_env_open(void)
return -1;
crc0 = crc32 (0, (uint8_t *) environment.data, ENV_SIZE);
+
+ if (aes_flag) {
+ ret = env_aes_cbc_crypt(environment.data, 0);
+ if (ret)
+ return ret;
+ }
+
crc0_ok = (crc0 == *environment.crc);
if (!HaveRedundEnv) {
if (!crc0_ok) {
@@ -1159,6 +1277,13 @@ int fw_env_open(void)
}
crc1 = crc32 (0, (uint8_t *) redundant->data, ENV_SIZE);
+
+ if (aes_flag) {
+ ret = env_aes_cbc_crypt(redundant->data, 0);
+ if (ret)
+ return ret;
+ }
+
crc1_ok = (crc1 == redundant->crc);
flag1 = redundant->flags;
diff --git a/tools/env/fw_env_main.c b/tools/env/fw_env_main.c
index 2b85d78864..ce50d58b64 100644
--- a/tools/env/fw_env_main.c
+++ b/tools/env/fw_env_main.c
@@ -9,18 +9,22 @@
* Command line user interface to firmware (=U-Boot) environment.
*
* Implements:
- * fw_printenv [[ -n name ] | [ name ... ]]
+ * fw_printenv [ -a key ] [[ -n name ] | [ name ... ]]
* - prints the value of a single environment variable
* "name", the ``name=value'' pairs of one or more
* environment variables "name", or the whole
* environment if no names are specified.
- * fw_setenv name [ value ... ]
+ * fw_setenv [ -a key ] name [ value ... ]
* - If a name without any values is given, the variable
* with this name is deleted from the environment;
* otherwise, all "value" arguments are concatenated,
* separated by single blank characters, and the
* resulting string is assigned to the environment
* variable "name"
+ *
+ * If '-a key' is specified, the env block is encrypted with AES 128 CBC.
+ * The 'key' argument is in the format of 32 hexadecimal numbers (16 bytes
+ * of AES key), eg. '-a aabbccddeeff00112233445566778899'.
*/
#include <fcntl.h>
@@ -46,8 +50,8 @@ void usage(void)
fprintf(stderr, "fw_printenv/fw_setenv, "
"a command line interface to U-Boot environment\n\n"
- "usage:\tfw_printenv [-n] [variable name]\n"
- "\tfw_setenv [variable name] [variable value]\n"
+ "usage:\tfw_printenv [-a key] [-n] [variable name]\n"
+ "\tfw_setenv [-a key] [variable name] [variable value]\n"
"\tfw_setenv -s [ file ]\n"
"\tfw_setenv -s - < [ file ]\n\n"
"The file passed as argument contains only pairs "
@@ -94,9 +98,12 @@ int main(int argc, char *argv[])
cmdname = p + 1;
}
- while ((c = getopt_long (argc, argv, "ns:h",
+ while ((c = getopt_long (argc, argv, "a:ns:h",
long_options, NULL)) != EOF) {
switch (c) {
+ case 'a':
+ /* AES key, handled later */
+ break;
case 'n':
/* handled in fw_printenv */
break;
diff --git a/tools/fdt_host.h b/tools/fdt_host.h
index c2b23c6217..134d965713 100644
--- a/tools/fdt_host.h
+++ b/tools/fdt_host.h
@@ -11,4 +11,6 @@
#include "../include/libfdt.h"
#include "../include/fdt_support.h"
+int fit_check_sign(const void *working_fdt, const void *key);
+
#endif /* __FDT_HOST_H__ */
diff --git a/tools/fdtdec.c b/tools/fdtdec.c
new file mode 100644
index 0000000000..f1c22569ca
--- /dev/null
+++ b/tools/fdtdec.c
@@ -0,0 +1 @@
+#include "../lib/fdtdec.c"
diff --git a/tools/fit_check_sign.c b/tools/fit_check_sign.c
new file mode 100644
index 0000000000..d6d9340094
--- /dev/null
+++ b/tools/fit_check_sign.c
@@ -0,0 +1,85 @@
+/*
+ * (C) Copyright 2014
+ * DENX Software Engineering
+ * Heiko Schocher <hs@denx.de>
+ *
+ * Based on:
+ * (C) Copyright 2008 Semihalf
+ *
+ * (C) Copyright 2000-2004
+ * DENX Software Engineering
+ * Wolfgang Denk, wd@denx.de
+ *
+ * Updated-by: Prafulla Wadaskar <prafulla@marvell.com>
+ * FIT image specific code abstracted from mkimage.c
+ * some functions added to address abstraction
+ *
+ * All rights reserved.
+ *
+ * SPDX-License-Identifier: GPL-2.0+
+ */
+
+#include "mkimage.h"
+#include "fit_common.h"
+#include <image.h>
+#include <u-boot/crc.h>
+
+void usage(char *cmdname)
+{
+ fprintf(stderr, "Usage: %s -f fit file -k key file\n"
+ " -f ==> set fit file which should be checked'\n"
+ " -k ==> set key file which contains the key'\n",
+ cmdname);
+ exit(EXIT_FAILURE);
+}
+
+int main(int argc, char **argv)
+{
+ int ffd = -1;
+ int kfd = -1;
+ struct stat fsbuf;
+ struct stat ksbuf;
+ void *fit_blob;
+ char *fdtfile = NULL;
+ char *keyfile = NULL;
+ char cmdname[50];
+ int ret;
+ void *key_blob;
+ int c;
+
+ strcpy(cmdname, *argv);
+ while ((c = getopt(argc, argv, "f:k:")) != -1)
+ switch (c) {
+ case 'f':
+ fdtfile = optarg;
+ break;
+ case 'k':
+ keyfile = optarg;
+ break;
+ default:
+ usage(cmdname);
+ break;
+ }
+
+ ffd = mmap_fdt(cmdname, fdtfile, &fit_blob, &fsbuf, 0);
+ if (ffd < 0)
+ return EXIT_FAILURE;
+ kfd = mmap_fdt(cmdname, keyfile, &key_blob, &ksbuf, 0);
+ if (ffd < 0)
+ return EXIT_FAILURE;
+
+ image_set_host_blob(key_blob);
+ ret = fit_check_sign(fit_blob, key_blob);
+
+ if (ret)
+ ret = EXIT_SUCCESS;
+ else
+ ret = EXIT_FAILURE;
+
+ (void) munmap((void *)fit_blob, fsbuf.st_size);
+ (void) munmap((void *)key_blob, ksbuf.st_size);
+
+ close(ffd);
+ close(kfd);
+ exit(ret);
+}
diff --git a/tools/fit_common.c b/tools/fit_common.c
new file mode 100644
index 0000000000..ee1767bd01
--- /dev/null
+++ b/tools/fit_common.c
@@ -0,0 +1,86 @@
+/*
+ * (C) Copyright 2014
+ * DENX Software Engineering
+ * Heiko Schocher <hs@denx.de>
+ *
+ * (C) Copyright 2008 Semihalf
+ *
+ * (C) Copyright 2000-2004
+ * DENX Software Engineering
+ * Wolfgang Denk, wd@denx.de
+ *
+ * Updated-by: Prafulla Wadaskar <prafulla@marvell.com>
+ * FIT image specific code abstracted from mkimage.c
+ * some functions added to address abstraction
+ *
+ * All rights reserved.
+ *
+ * SPDX-License-Identifier: GPL-2.0+
+ */
+
+#include "imagetool.h"
+#include "mkimage.h"
+#include "fit_common.h"
+#include <image.h>
+#include <u-boot/crc.h>
+
+int fit_verify_header(unsigned char *ptr, int image_size,
+ struct image_tool_params *params)
+{
+ return fdt_check_header(ptr);
+}
+
+int fit_check_image_types(uint8_t type)
+{
+ if (type == IH_TYPE_FLATDT)
+ return EXIT_SUCCESS;
+ else
+ return EXIT_FAILURE;
+}
+
+int mmap_fdt(char *cmdname, const char *fname, void **blobp,
+ struct stat *sbuf, int useunlink)
+{
+ void *ptr;
+ int fd;
+
+ /* Load FIT blob into memory (we need to write hashes/signatures) */
+ fd = open(fname, O_RDWR | O_BINARY);
+
+ if (fd < 0) {
+ fprintf(stderr, "%s: Can't open %s: %s\n",
+ cmdname, fname, strerror(errno));
+ if (useunlink)
+ unlink(fname);
+ return -1;
+ }
+
+ if (fstat(fd, sbuf) < 0) {
+ fprintf(stderr, "%s: Can't stat %s: %s\n",
+ cmdname, fname, strerror(errno));
+ if (useunlink)
+ unlink(fname);
+ return -1;
+ }
+
+ errno = 0;
+ ptr = mmap(0, sbuf->st_size, PROT_READ|PROT_WRITE, MAP_SHARED, fd, 0);
+ if ((ptr == MAP_FAILED) || (errno != 0)) {
+ fprintf(stderr, "%s: Can't read %s: %s\n",
+ cmdname, fname, strerror(errno));
+ if (useunlink)
+ unlink(fname);
+ return -1;
+ }
+
+ /* check if ptr has a valid blob */
+ if (fdt_check_header(ptr)) {
+ fprintf(stderr, "%s: Invalid FIT blob\n", cmdname);
+ if (useunlink)
+ unlink(fname);
+ return -1;
+ }
+
+ *blobp = ptr;
+ return fd;
+}
diff --git a/tools/fit_common.h b/tools/fit_common.h
new file mode 100644
index 0000000000..adf440480b
--- /dev/null
+++ b/tools/fit_common.h
@@ -0,0 +1,22 @@
+/*
+ * (C) Copyright 2014
+ *
+ * SPDX-License-Identifier: GPL-2.0+
+ */
+
+#ifndef _FIT_COMMON_H_
+#define _FIT_COMMON_H_
+
+#include "imagetool.h"
+#include "mkimage.h"
+#include <image.h>
+
+int fit_verify_header(unsigned char *ptr, int image_size,
+ struct image_tool_params *params);
+
+int fit_check_image_types(uint8_t type);
+
+int mmap_fdt(char *cmdname, const char *fname, void **blobp,
+ struct stat *sbuf, int useunlink);
+
+#endif /* _FIT_COMMON_H_ */
diff --git a/tools/fit_image.c b/tools/fit_image.c
index 1466164f0a..eeee484cde 100644
--- a/tools/fit_image.c
+++ b/tools/fit_image.c
@@ -15,68 +15,13 @@
*/
#include "imagetool.h"
+#include "fit_common.h"
#include "mkimage.h"
#include <image.h>
#include <u-boot/crc.h>
static image_header_t header;
-static int fit_verify_header (unsigned char *ptr, int image_size,
- struct image_tool_params *params)
-{
- return fdt_check_header(ptr);
-}
-
-static int fit_check_image_types (uint8_t type)
-{
- if (type == IH_TYPE_FLATDT)
- return EXIT_SUCCESS;
- else
- return EXIT_FAILURE;
-}
-
-int mmap_fdt(struct image_tool_params *params, const char *fname, void **blobp,
- struct stat *sbuf)
-{
- void *ptr;
- int fd;
-
- /* Load FIT blob into memory (we need to write hashes/signatures) */
- fd = open(fname, O_RDWR | O_BINARY);
-
- if (fd < 0) {
- fprintf(stderr, "%s: Can't open %s: %s\n",
- params->cmdname, fname, strerror(errno));
- unlink(fname);
- return -1;
- }
-
- if (fstat(fd, sbuf) < 0) {
- fprintf(stderr, "%s: Can't stat %s: %s\n",
- params->cmdname, fname, strerror(errno));
- unlink(fname);
- return -1;
- }
-
- ptr = mmap(0, sbuf->st_size, PROT_READ|PROT_WRITE, MAP_SHARED, fd, 0);
- if (ptr == MAP_FAILED) {
- fprintf(stderr, "%s: Can't read %s: %s\n",
- params->cmdname, fname, strerror(errno));
- unlink(fname);
- return -1;
- }
-
- /* check if ptr has a valid blob */
- if (fdt_check_header(ptr)) {
- fprintf(stderr, "%s: Invalid FIT blob\n", params->cmdname);
- unlink(fname);
- return -1;
- }
-
- *blobp = ptr;
- return fd;
-}
-
/**
* fit_handle_file - main FIT file processing function
*
@@ -129,13 +74,14 @@ static int fit_handle_file(struct image_tool_params *params)
}
if (params->keydest) {
- destfd = mmap_fdt(params, params->keydest, &dest_blob, &sbuf);
+ destfd = mmap_fdt(params->cmdname, params->keydest,
+ &dest_blob, &sbuf, 1);
if (destfd < 0)
goto err_keydest;
destfd_size = sbuf.st_size;
}
- tfd = mmap_fdt(params, tmpfile, &ptr, &sbuf);
+ tfd = mmap_fdt(params->cmdname, tmpfile, &ptr, &sbuf, 1);
if (tfd < 0)
goto err_mmap;
diff --git a/tools/fit_info.c b/tools/fit_info.c
new file mode 100644
index 0000000000..50f3c8edf1
--- /dev/null
+++ b/tools/fit_info.c
@@ -0,0 +1,96 @@
+/*
+ * (C) Copyright 2014
+ * DENX Software Engineering
+ * Heiko Schocher <hs@denx.de>
+ *
+ * fit_info: print the offset and the len of a property from
+ * node in a fit file.
+ *
+ * Based on:
+ * (C) Copyright 2008 Semihalf
+ *
+ * (C) Copyright 2000-2004
+ * DENX Software Engineering
+ * Wolfgang Denk, wd@denx.de
+ *
+ * Updated-by: Prafulla Wadaskar <prafulla@marvell.com>
+ * FIT image specific code abstracted from mkimage.c
+ * some functions added to address abstraction
+ *
+ * All rights reserved.
+ *
+ * SPDX-License-Identifier: GPL-2.0+
+ */
+
+#include "mkimage.h"
+#include "fit_common.h"
+#include <image.h>
+#include <u-boot/crc.h>
+
+void usage(char *cmdname)
+{
+ fprintf(stderr, "Usage: %s -f fit file -n node -p property\n"
+ " -f ==> set fit file which is used'\n"
+ " -n ==> set node name'\n"
+ " -p ==> set property name'\n",
+ cmdname);
+ exit(EXIT_FAILURE);
+}
+
+int main(int argc, char **argv)
+{
+ int ffd = -1;
+ struct stat fsbuf;
+ void *fit_blob;
+ int len;
+ int nodeoffset; /* node offset from libfdt */
+ const void *nodep; /* property node pointer */
+ char *fdtfile = NULL;
+ char *nodename = NULL;
+ char *propertyname = NULL;
+ char cmdname[50];
+ int c;
+
+ strcpy(cmdname, *argv);
+ while ((c = getopt(argc, argv, "f:n:p:")) != -1)
+ switch (c) {
+ case 'f':
+ fdtfile = optarg;
+ break;
+ case 'n':
+ nodename = optarg;
+ break;
+ case 'p':
+ propertyname = optarg;
+ break;
+ default:
+ usage(cmdname);
+ break;
+ }
+
+ ffd = mmap_fdt(cmdname, fdtfile, &fit_blob, &fsbuf, 0);
+
+ if (ffd < 0) {
+ printf("Could not open %s\n", fdtfile);
+ exit(EXIT_FAILURE);
+ }
+
+ nodeoffset = fdt_path_offset(fit_blob, nodename);
+ if (nodeoffset < 0) {
+ printf("%s not found.", nodename);
+ exit(EXIT_FAILURE);
+ }
+ nodep = fdt_getprop(fit_blob, nodeoffset, propertyname, &len);
+ if (len == 0) {
+ printf("len == 0 %s\n", propertyname);
+ exit(EXIT_FAILURE);
+ }
+
+ printf("NAME: %s\n", fit_get_name(fit_blob, nodeoffset, NULL));
+ printf("LEN: %d\n", len);
+ printf("OFF: %d\n", (int)(nodep - fit_blob));
+ (void) munmap((void *)fit_blob, fsbuf.st_size);
+
+ close(ffd);
+ exit(EXIT_SUCCESS);
+}
diff --git a/tools/image-host.c b/tools/image-host.c
index 0d5c88ca73..651f1c2f8b 100644
--- a/tools/image-host.c
+++ b/tools/image-host.c
@@ -403,7 +403,7 @@ static int fit_config_get_hash_list(void *fit, int conf_noffset,
goto err_mem;
/* Get a list of images that we intend to sign */
- prop = fit_config_get_image_list(fit, conf_noffset, &len,
+ prop = fit_config_get_image_list(fit, sig_offset, &len,
&allow_missing);
if (!prop)
return 0;
@@ -695,3 +695,18 @@ int fit_add_verification_data(const char *keydir, void *keydest, void *fit,
return 0;
}
+
+#ifdef CONFIG_FIT_SIGNATURE
+int fit_check_sign(const void *working_fdt, const void *key)
+{
+ int cfg_noffset;
+ int ret;
+
+ cfg_noffset = fit_conf_get_node(working_fdt, NULL);
+ if (!cfg_noffset)
+ return -1;
+
+ ret = fit_config_verify(working_fdt, cfg_noffset);
+ return ret;
+}
+#endif
diff --git a/tools/rsa-checksum.c b/tools/rsa-checksum.c
new file mode 100644
index 0000000000..09033e6201
--- /dev/null
+++ b/tools/rsa-checksum.c
@@ -0,0 +1 @@
+#include "../lib/rsa/rsa-checksum.c"
diff --git a/tools/rsa-verify.c b/tools/rsa-verify.c
new file mode 100644
index 0000000000..bb662a1ef8
--- /dev/null
+++ b/tools/rsa-verify.c
@@ -0,0 +1 @@
+#include "../lib/rsa/rsa-verify.c"
diff --git a/tools/sha256.c b/tools/sha256.c
new file mode 100644
index 0000000000..8ca931f6bf
--- /dev/null
+++ b/tools/sha256.c
@@ -0,0 +1 @@
+#include "../lib/sha256.c"