Browse Source

common: image: Add support for post-processing of images

This commit allows injecting a board/platform/device-specific post-
processing function into the FIT image data loading process, which can
include modifying the size and altering the starting source address of
an image data artifact. This might be desired to do things like strip
headers or footers attached to the images before they were packaged into
the FIT, or to perform operations such as decryption or authentication.
Introduce new configuration option CONFIG_FIT_IMAGE_POST_PROCESS to
allow controlling this feature. If enabled, a platform-specific post-
process function must be provided.

Signed-off-by: Andreas Dannenberg <dannenberg@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
tags/2020-06-01
Andreas Dannenberg 4 years ago
committed by Tom Rini
parent
commit
eba3fbd6a1
2 changed files with 39 additions and 1 deletions
  1. +14
    -0
      Kconfig
  2. +25
    -1
      common/image-fit.c

+ 14
- 0
Kconfig View File

@@ -344,6 +344,20 @@ config SPL_FIT_IMAGE_POST_PROCESS
injected into the FIT creation (i.e. the blobs would have been pre-
processed before being added to the FIT image).

config FIT_IMAGE_POST_PROCESS
bool "Enable post-processing of FIT artifacts after loading by U-Boot"
depends on FIT && TI_SECURE_DEVICE
help
Allows doing any sort of manipulation to blobs after they got extracted
from FIT images like stripping off headers or modifying the size of the
blob, verification, authentication, decryption etc. in a platform or
board specific way. In order to use this feature a platform or board-
specific implementation of board_fit_image_post_process() must be
provided. Also, anything done during this post-processing step would
need to be comprehended in how the images were prepared before being
injected into the FIT creation (i.e. the blobs would have been pre-
processed before being added to the FIT image).

config SYS_CLK_FREQ
depends on ARC || ARCH_SUNXI
int "CPU clock frequency"


+ 25
- 1
common/image-fit.c View File

@@ -11,9 +11,9 @@

#ifdef USE_HOSTCC
#include "mkimage.h"
#include <image.h>
#include <time.h>
#else
#include <linux/compiler.h>
#include <common.h>
#include <errno.h>
#include <mapmem.h>
@@ -21,6 +21,7 @@
DECLARE_GLOBAL_DATA_PTR;
#endif /* !USE_HOSTCC*/

#include <image.h>
#include <bootstage.h>
#include <u-boot/crc.h>
#include <u-boot/md5.h>
@@ -1507,6 +1508,12 @@ void fit_conf_print(const void *fit, int noffset, const char *p)

static int fit_image_select(const void *fit, int rd_noffset, int verify)
{
#if !defined(USE_HOSTCC) && defined(CONFIG_FIT_IMAGE_POST_PROCESS)
const void *data;
size_t size;
int ret;
#endif

fit_image_print(fit, rd_noffset, " ");

if (verify) {
@@ -1518,6 +1525,23 @@ static int fit_image_select(const void *fit, int rd_noffset, int verify)
puts("OK\n");
}

#if !defined(USE_HOSTCC) && defined(CONFIG_FIT_IMAGE_POST_PROCESS)
ret = fit_image_get_data(fit, rd_noffset, &data, &size);
if (ret)
return ret;

/* perform any post-processing on the image data */
board_fit_image_post_process((void **)&data, &size);

/*
* update U-Boot's understanding of the "data" property start address
* and size according to the performed post-processing
*/
ret = fdt_setprop((void *)fit, rd_noffset, FIT_DATA_PROP, data, size);
if (ret)
return ret;
#endif

return 0;
}