Fork of the vendor (Boundary Devices) u-boot for Reform 2, with minor tweaks. The goal is to migrate to mainstream u-boot or barebox ASAP. The main impediment so far is the 4GB RAM config.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
This repo is archived. You can view files and clone it, but cannot push or open issues/pull-requests.
 
 
 
 
 
 

1732 lines
38 KiB

  1. /*
  2. * Image manipulator for Marvell SoCs
  3. * supports Kirkwood, Dove, Armada 370, Armada XP, and Armada 38x
  4. *
  5. * (C) Copyright 2013 Thomas Petazzoni
  6. * <thomas.petazzoni@free-electrons.com>
  7. *
  8. * SPDX-License-Identifier: GPL-2.0+
  9. *
  10. * Not implemented: support for the register headers in v1 images
  11. */
  12. #include "imagetool.h"
  13. #include <limits.h>
  14. #include <image.h>
  15. #include <stdarg.h>
  16. #include <stdint.h>
  17. #include "kwbimage.h"
  18. #ifdef CONFIG_KWB_SECURE
  19. #include <openssl/bn.h>
  20. #include <openssl/rsa.h>
  21. #include <openssl/pem.h>
  22. #include <openssl/err.h>
  23. #include <openssl/evp.h>
  24. #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
  25. static void RSA_get0_key(const RSA *r,
  26. const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
  27. {
  28. if (n != NULL)
  29. *n = r->n;
  30. if (e != NULL)
  31. *e = r->e;
  32. if (d != NULL)
  33. *d = r->d;
  34. }
  35. #else
  36. void EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
  37. {
  38. EVP_MD_CTX_reset(ctx);
  39. }
  40. #endif
  41. #endif
  42. static struct image_cfg_element *image_cfg;
  43. static int cfgn;
  44. #ifdef CONFIG_KWB_SECURE
  45. static int verbose_mode;
  46. #endif
  47. struct boot_mode {
  48. unsigned int id;
  49. const char *name;
  50. };
  51. /*
  52. * SHA2-256 hash
  53. */
  54. struct hash_v1 {
  55. uint8_t hash[32];
  56. };
  57. struct boot_mode boot_modes[] = {
  58. { 0x4D, "i2c" },
  59. { 0x5A, "spi" },
  60. { 0x8B, "nand" },
  61. { 0x78, "sata" },
  62. { 0x9C, "pex" },
  63. { 0x69, "uart" },
  64. { 0xAE, "sdio" },
  65. {},
  66. };
  67. struct nand_ecc_mode {
  68. unsigned int id;
  69. const char *name;
  70. };
  71. struct nand_ecc_mode nand_ecc_modes[] = {
  72. { 0x00, "default" },
  73. { 0x01, "hamming" },
  74. { 0x02, "rs" },
  75. { 0x03, "disabled" },
  76. {},
  77. };
  78. /* Used to identify an undefined execution or destination address */
  79. #define ADDR_INVALID ((uint32_t)-1)
  80. #define BINARY_MAX_ARGS 8
  81. /* In-memory representation of a line of the configuration file */
  82. enum image_cfg_type {
  83. IMAGE_CFG_VERSION = 0x1,
  84. IMAGE_CFG_BOOT_FROM,
  85. IMAGE_CFG_DEST_ADDR,
  86. IMAGE_CFG_EXEC_ADDR,
  87. IMAGE_CFG_NAND_BLKSZ,
  88. IMAGE_CFG_NAND_BADBLK_LOCATION,
  89. IMAGE_CFG_NAND_ECC_MODE,
  90. IMAGE_CFG_NAND_PAGESZ,
  91. IMAGE_CFG_BINARY,
  92. IMAGE_CFG_PAYLOAD,
  93. IMAGE_CFG_DATA,
  94. IMAGE_CFG_BAUDRATE,
  95. IMAGE_CFG_DEBUG,
  96. IMAGE_CFG_KAK,
  97. IMAGE_CFG_CSK,
  98. IMAGE_CFG_CSK_INDEX,
  99. IMAGE_CFG_JTAG_DELAY,
  100. IMAGE_CFG_BOX_ID,
  101. IMAGE_CFG_FLASH_ID,
  102. IMAGE_CFG_SEC_COMMON_IMG,
  103. IMAGE_CFG_SEC_SPECIALIZED_IMG,
  104. IMAGE_CFG_SEC_BOOT_DEV,
  105. IMAGE_CFG_SEC_FUSE_DUMP,
  106. IMAGE_CFG_COUNT
  107. } type;
  108. static const char * const id_strs[] = {
  109. [IMAGE_CFG_VERSION] = "VERSION",
  110. [IMAGE_CFG_BOOT_FROM] = "BOOT_FROM",
  111. [IMAGE_CFG_DEST_ADDR] = "DEST_ADDR",
  112. [IMAGE_CFG_EXEC_ADDR] = "EXEC_ADDR",
  113. [IMAGE_CFG_NAND_BLKSZ] = "NAND_BLKSZ",
  114. [IMAGE_CFG_NAND_BADBLK_LOCATION] = "NAND_BADBLK_LOCATION",
  115. [IMAGE_CFG_NAND_ECC_MODE] = "NAND_ECC_MODE",
  116. [IMAGE_CFG_NAND_PAGESZ] = "NAND_PAGE_SIZE",
  117. [IMAGE_CFG_BINARY] = "BINARY",
  118. [IMAGE_CFG_PAYLOAD] = "PAYLOAD",
  119. [IMAGE_CFG_DATA] = "DATA",
  120. [IMAGE_CFG_BAUDRATE] = "BAUDRATE",
  121. [IMAGE_CFG_DEBUG] = "DEBUG",
  122. [IMAGE_CFG_KAK] = "KAK",
  123. [IMAGE_CFG_CSK] = "CSK",
  124. [IMAGE_CFG_CSK_INDEX] = "CSK_INDEX",
  125. [IMAGE_CFG_JTAG_DELAY] = "JTAG_DELAY",
  126. [IMAGE_CFG_BOX_ID] = "BOX_ID",
  127. [IMAGE_CFG_FLASH_ID] = "FLASH_ID",
  128. [IMAGE_CFG_SEC_COMMON_IMG] = "SEC_COMMON_IMG",
  129. [IMAGE_CFG_SEC_SPECIALIZED_IMG] = "SEC_SPECIALIZED_IMG",
  130. [IMAGE_CFG_SEC_BOOT_DEV] = "SEC_BOOT_DEV",
  131. [IMAGE_CFG_SEC_FUSE_DUMP] = "SEC_FUSE_DUMP"
  132. };
  133. struct image_cfg_element {
  134. enum image_cfg_type type;
  135. union {
  136. unsigned int version;
  137. unsigned int bootfrom;
  138. struct {
  139. const char *file;
  140. unsigned int args[BINARY_MAX_ARGS];
  141. unsigned int nargs;
  142. } binary;
  143. const char *payload;
  144. unsigned int dstaddr;
  145. unsigned int execaddr;
  146. unsigned int nandblksz;
  147. unsigned int nandbadblklocation;
  148. unsigned int nandeccmode;
  149. unsigned int nandpagesz;
  150. struct ext_hdr_v0_reg regdata;
  151. unsigned int baudrate;
  152. unsigned int debug;
  153. const char *key_name;
  154. int csk_idx;
  155. uint8_t jtag_delay;
  156. uint32_t boxid;
  157. uint32_t flashid;
  158. bool sec_specialized_img;
  159. unsigned int sec_boot_dev;
  160. const char *name;
  161. };
  162. };
  163. #define IMAGE_CFG_ELEMENT_MAX 256
  164. /*
  165. * Utility functions to manipulate boot mode and ecc modes (convert
  166. * them back and forth between description strings and the
  167. * corresponding numerical identifiers).
  168. */
  169. static const char *image_boot_mode_name(unsigned int id)
  170. {
  171. int i;
  172. for (i = 0; boot_modes[i].name; i++)
  173. if (boot_modes[i].id == id)
  174. return boot_modes[i].name;
  175. return NULL;
  176. }
  177. int image_boot_mode_id(const char *boot_mode_name)
  178. {
  179. int i;
  180. for (i = 0; boot_modes[i].name; i++)
  181. if (!strcmp(boot_modes[i].name, boot_mode_name))
  182. return boot_modes[i].id;
  183. return -1;
  184. }
  185. int image_nand_ecc_mode_id(const char *nand_ecc_mode_name)
  186. {
  187. int i;
  188. for (i = 0; nand_ecc_modes[i].name; i++)
  189. if (!strcmp(nand_ecc_modes[i].name, nand_ecc_mode_name))
  190. return nand_ecc_modes[i].id;
  191. return -1;
  192. }
  193. static struct image_cfg_element *
  194. image_find_option(unsigned int optiontype)
  195. {
  196. int i;
  197. for (i = 0; i < cfgn; i++) {
  198. if (image_cfg[i].type == optiontype)
  199. return &image_cfg[i];
  200. }
  201. return NULL;
  202. }
  203. static unsigned int
  204. image_count_options(unsigned int optiontype)
  205. {
  206. int i;
  207. unsigned int count = 0;
  208. for (i = 0; i < cfgn; i++)
  209. if (image_cfg[i].type == optiontype)
  210. count++;
  211. return count;
  212. }
  213. #if defined(CONFIG_KWB_SECURE)
  214. static int image_get_csk_index(void)
  215. {
  216. struct image_cfg_element *e;
  217. e = image_find_option(IMAGE_CFG_CSK_INDEX);
  218. if (!e)
  219. return -1;
  220. return e->csk_idx;
  221. }
  222. static bool image_get_spezialized_img(void)
  223. {
  224. struct image_cfg_element *e;
  225. e = image_find_option(IMAGE_CFG_SEC_SPECIALIZED_IMG);
  226. if (!e)
  227. return false;
  228. return e->sec_specialized_img;
  229. }
  230. #endif
  231. /*
  232. * Compute a 8-bit checksum of a memory area. This algorithm follows
  233. * the requirements of the Marvell SoC BootROM specifications.
  234. */
  235. static uint8_t image_checksum8(void *start, uint32_t len)
  236. {
  237. uint8_t csum = 0;
  238. uint8_t *p = start;
  239. /* check len and return zero checksum if invalid */
  240. if (!len)
  241. return 0;
  242. do {
  243. csum += *p;
  244. p++;
  245. } while (--len);
  246. return csum;
  247. }
  248. static uint32_t image_checksum32(void *start, uint32_t len)
  249. {
  250. uint32_t csum = 0;
  251. uint32_t *p = start;
  252. /* check len and return zero checksum if invalid */
  253. if (!len)
  254. return 0;
  255. if (len % sizeof(uint32_t)) {
  256. fprintf(stderr, "Length %d is not in multiple of %zu\n",
  257. len, sizeof(uint32_t));
  258. return 0;
  259. }
  260. do {
  261. csum += *p;
  262. p++;
  263. len -= sizeof(uint32_t);
  264. } while (len > 0);
  265. return csum;
  266. }
  267. static uint8_t baudrate_to_option(unsigned int baudrate)
  268. {
  269. switch (baudrate) {
  270. case 2400:
  271. return MAIN_HDR_V1_OPT_BAUD_2400;
  272. case 4800:
  273. return MAIN_HDR_V1_OPT_BAUD_4800;
  274. case 9600:
  275. return MAIN_HDR_V1_OPT_BAUD_9600;
  276. case 19200:
  277. return MAIN_HDR_V1_OPT_BAUD_19200;
  278. case 38400:
  279. return MAIN_HDR_V1_OPT_BAUD_38400;
  280. case 57600:
  281. return MAIN_HDR_V1_OPT_BAUD_57600;
  282. case 115200:
  283. return MAIN_HDR_V1_OPT_BAUD_115200;
  284. default:
  285. return MAIN_HDR_V1_OPT_BAUD_DEFAULT;
  286. }
  287. }
  288. #if defined(CONFIG_KWB_SECURE)
  289. static void kwb_msg(const char *fmt, ...)
  290. {
  291. if (verbose_mode) {
  292. va_list ap;
  293. va_start(ap, fmt);
  294. vfprintf(stdout, fmt, ap);
  295. va_end(ap);
  296. }
  297. }
  298. static int openssl_err(const char *msg)
  299. {
  300. unsigned long ssl_err = ERR_get_error();
  301. fprintf(stderr, "%s", msg);
  302. fprintf(stderr, ": %s\n",
  303. ERR_error_string(ssl_err, 0));
  304. return -1;
  305. }
  306. static int kwb_load_rsa_key(const char *keydir, const char *name, RSA **p_rsa)
  307. {
  308. char path[PATH_MAX];
  309. RSA *rsa;
  310. FILE *f;
  311. if (!keydir)
  312. keydir = ".";
  313. snprintf(path, sizeof(path), "%s/%s.key", keydir, name);
  314. f = fopen(path, "r");
  315. if (!f) {
  316. fprintf(stderr, "Couldn't open RSA private key: '%s': %s\n",
  317. path, strerror(errno));
  318. return -ENOENT;
  319. }
  320. rsa = PEM_read_RSAPrivateKey(f, 0, NULL, "");
  321. if (!rsa) {
  322. openssl_err("Failure reading private key");
  323. fclose(f);
  324. return -EPROTO;
  325. }
  326. fclose(f);
  327. *p_rsa = rsa;
  328. return 0;
  329. }
  330. static int kwb_load_cfg_key(struct image_tool_params *params,
  331. unsigned int cfg_option, const char *key_name,
  332. RSA **p_key)
  333. {
  334. struct image_cfg_element *e_key;
  335. RSA *key;
  336. int res;
  337. *p_key = NULL;
  338. e_key = image_find_option(cfg_option);
  339. if (!e_key) {
  340. fprintf(stderr, "%s not configured\n", key_name);
  341. return -ENOENT;
  342. }
  343. res = kwb_load_rsa_key(params->keydir, e_key->key_name, &key);
  344. if (res < 0) {
  345. fprintf(stderr, "Failed to load %s\n", key_name);
  346. return -ENOENT;
  347. }
  348. *p_key = key;
  349. return 0;
  350. }
  351. static int kwb_load_kak(struct image_tool_params *params, RSA **p_kak)
  352. {
  353. return kwb_load_cfg_key(params, IMAGE_CFG_KAK, "KAK", p_kak);
  354. }
  355. static int kwb_load_csk(struct image_tool_params *params, RSA **p_csk)
  356. {
  357. return kwb_load_cfg_key(params, IMAGE_CFG_CSK, "CSK", p_csk);
  358. }
  359. static int kwb_compute_pubkey_hash(struct pubkey_der_v1 *pk,
  360. struct hash_v1 *hash)
  361. {
  362. EVP_MD_CTX *ctx;
  363. unsigned int key_size;
  364. unsigned int hash_size;
  365. int ret = 0;
  366. if (!pk || !hash || pk->key[0] != 0x30 || pk->key[1] != 0x82)
  367. return -EINVAL;
  368. key_size = (pk->key[2] << 8) + pk->key[3] + 4;
  369. ctx = EVP_MD_CTX_create();
  370. if (!ctx)
  371. return openssl_err("EVP context creation failed");
  372. EVP_MD_CTX_init(ctx);
  373. if (!EVP_DigestInit(ctx, EVP_sha256())) {
  374. ret = openssl_err("Digest setup failed");
  375. goto hash_err_ctx;
  376. }
  377. if (!EVP_DigestUpdate(ctx, pk->key, key_size)) {
  378. ret = openssl_err("Hashing data failed");
  379. goto hash_err_ctx;
  380. }
  381. if (!EVP_DigestFinal(ctx, hash->hash, &hash_size)) {
  382. ret = openssl_err("Could not obtain hash");
  383. goto hash_err_ctx;
  384. }
  385. EVP_MD_CTX_cleanup(ctx);
  386. hash_err_ctx:
  387. EVP_MD_CTX_destroy(ctx);
  388. return ret;
  389. }
  390. static int kwb_import_pubkey(RSA **key, struct pubkey_der_v1 *src, char *keyname)
  391. {
  392. RSA *rsa;
  393. const unsigned char *ptr;
  394. if (!key || !src)
  395. goto fail;
  396. ptr = src->key;
  397. rsa = d2i_RSAPublicKey(key, &ptr, sizeof(src->key));
  398. if (!rsa) {
  399. openssl_err("error decoding public key");
  400. goto fail;
  401. }
  402. return 0;
  403. fail:
  404. fprintf(stderr, "Failed to decode %s pubkey\n", keyname);
  405. return -EINVAL;
  406. }
  407. static int kwb_export_pubkey(RSA *key, struct pubkey_der_v1 *dst, FILE *hashf,
  408. char *keyname)
  409. {
  410. int size_exp, size_mod, size_seq;
  411. const BIGNUM *key_e, *key_n;
  412. uint8_t *cur;
  413. char *errmsg = "Failed to encode %s\n";
  414. RSA_get0_key(key, NULL, &key_e, NULL);
  415. RSA_get0_key(key, &key_n, NULL, NULL);
  416. if (!key || !key_e || !key_n || !dst) {
  417. fprintf(stderr, "export pk failed: (%p, %p, %p, %p)",
  418. key, key_e, key_n, dst);
  419. fprintf(stderr, errmsg, keyname);
  420. return -EINVAL;
  421. }
  422. /*
  423. * According to the specs, the key should be PKCS#1 DER encoded.
  424. * But unfortunately the really required encoding seems to be different;
  425. * it violates DER...! (But it still conformes to BER.)
  426. * (Length always in long form w/ 2 byte length code; no leading zero
  427. * when MSB of first byte is set...)
  428. * So we cannot use the encoding func provided by OpenSSL and have to
  429. * do the encoding manually.
  430. */
  431. size_exp = BN_num_bytes(key_e);
  432. size_mod = BN_num_bytes(key_n);
  433. size_seq = 4 + size_mod + 4 + size_exp;
  434. if (size_mod > 256) {
  435. fprintf(stderr, "export pk failed: wrong mod size: %d\n",
  436. size_mod);
  437. fprintf(stderr, errmsg, keyname);
  438. return -EINVAL;
  439. }
  440. if (4 + size_seq > sizeof(dst->key)) {
  441. fprintf(stderr, "export pk failed: seq too large (%d, %lu)\n",
  442. 4 + size_seq, sizeof(dst->key));
  443. fprintf(stderr, errmsg, keyname);
  444. return -ENOBUFS;
  445. }
  446. cur = dst->key;
  447. /* PKCS#1 (RFC3447) RSAPublicKey structure */
  448. *cur++ = 0x30; /* SEQUENCE */
  449. *cur++ = 0x82;
  450. *cur++ = (size_seq >> 8) & 0xFF;
  451. *cur++ = size_seq & 0xFF;
  452. /* Modulus */
  453. *cur++ = 0x02; /* INTEGER */
  454. *cur++ = 0x82;
  455. *cur++ = (size_mod >> 8) & 0xFF;
  456. *cur++ = size_mod & 0xFF;
  457. BN_bn2bin(key_n, cur);
  458. cur += size_mod;
  459. /* Exponent */
  460. *cur++ = 0x02; /* INTEGER */
  461. *cur++ = 0x82;
  462. *cur++ = (size_exp >> 8) & 0xFF;
  463. *cur++ = size_exp & 0xFF;
  464. BN_bn2bin(key_e, cur);
  465. if (hashf) {
  466. struct hash_v1 pk_hash;
  467. int i;
  468. int ret = 0;
  469. ret = kwb_compute_pubkey_hash(dst, &pk_hash);
  470. if (ret < 0) {
  471. fprintf(stderr, errmsg, keyname);
  472. return ret;
  473. }
  474. fprintf(hashf, "SHA256 = ");
  475. for (i = 0 ; i < sizeof(pk_hash.hash); ++i)
  476. fprintf(hashf, "%02X", pk_hash.hash[i]);
  477. fprintf(hashf, "\n");
  478. }
  479. return 0;
  480. }
  481. int kwb_sign(RSA *key, void *data, int datasz, struct sig_v1 *sig, char *signame)
  482. {
  483. EVP_PKEY *evp_key;
  484. EVP_MD_CTX *ctx;
  485. unsigned int sig_size;
  486. int size;
  487. int ret = 0;
  488. evp_key = EVP_PKEY_new();
  489. if (!evp_key)
  490. return openssl_err("EVP_PKEY object creation failed");
  491. if (!EVP_PKEY_set1_RSA(evp_key, key)) {
  492. ret = openssl_err("EVP key setup failed");
  493. goto err_key;
  494. }
  495. size = EVP_PKEY_size(evp_key);
  496. if (size > sizeof(sig->sig)) {
  497. fprintf(stderr, "Buffer to small for signature (%d bytes)\n",
  498. size);
  499. ret = -ENOBUFS;
  500. goto err_key;
  501. }
  502. ctx = EVP_MD_CTX_create();
  503. if (!ctx) {
  504. ret = openssl_err("EVP context creation failed");
  505. goto err_key;
  506. }
  507. EVP_MD_CTX_init(ctx);
  508. if (!EVP_SignInit(ctx, EVP_sha256())) {
  509. ret = openssl_err("Signer setup failed");
  510. goto err_ctx;
  511. }
  512. if (!EVP_SignUpdate(ctx, data, datasz)) {
  513. ret = openssl_err("Signing data failed");
  514. goto err_ctx;
  515. }
  516. if (!EVP_SignFinal(ctx, sig->sig, &sig_size, evp_key)) {
  517. ret = openssl_err("Could not obtain signature");
  518. goto err_ctx;
  519. }
  520. EVP_MD_CTX_cleanup(ctx);
  521. EVP_MD_CTX_destroy(ctx);
  522. EVP_PKEY_free(evp_key);
  523. return 0;
  524. err_ctx:
  525. EVP_MD_CTX_destroy(ctx);
  526. err_key:
  527. EVP_PKEY_free(evp_key);
  528. fprintf(stderr, "Failed to create %s signature\n", signame);
  529. return ret;
  530. }
  531. int kwb_verify(RSA *key, void *data, int datasz, struct sig_v1 *sig,
  532. char *signame)
  533. {
  534. EVP_PKEY *evp_key;
  535. EVP_MD_CTX *ctx;
  536. int size;
  537. int ret = 0;
  538. evp_key = EVP_PKEY_new();
  539. if (!evp_key)
  540. return openssl_err("EVP_PKEY object creation failed");
  541. if (!EVP_PKEY_set1_RSA(evp_key, key)) {
  542. ret = openssl_err("EVP key setup failed");
  543. goto err_key;
  544. }
  545. size = EVP_PKEY_size(evp_key);
  546. if (size > sizeof(sig->sig)) {
  547. fprintf(stderr, "Invalid signature size (%d bytes)\n",
  548. size);
  549. ret = -EINVAL;
  550. goto err_key;
  551. }
  552. ctx = EVP_MD_CTX_create();
  553. if (!ctx) {
  554. ret = openssl_err("EVP context creation failed");
  555. goto err_key;
  556. }
  557. EVP_MD_CTX_init(ctx);
  558. if (!EVP_VerifyInit(ctx, EVP_sha256())) {
  559. ret = openssl_err("Verifier setup failed");
  560. goto err_ctx;
  561. }
  562. if (!EVP_VerifyUpdate(ctx, data, datasz)) {
  563. ret = openssl_err("Hashing data failed");
  564. goto err_ctx;
  565. }
  566. if (!EVP_VerifyFinal(ctx, sig->sig, sizeof(sig->sig), evp_key)) {
  567. ret = openssl_err("Could not verify signature");
  568. goto err_ctx;
  569. }
  570. EVP_MD_CTX_cleanup(ctx);
  571. EVP_MD_CTX_destroy(ctx);
  572. EVP_PKEY_free(evp_key);
  573. return 0;
  574. err_ctx:
  575. EVP_MD_CTX_destroy(ctx);
  576. err_key:
  577. EVP_PKEY_free(evp_key);
  578. fprintf(stderr, "Failed to verify %s signature\n", signame);
  579. return ret;
  580. }
  581. int kwb_sign_and_verify(RSA *key, void *data, int datasz, struct sig_v1 *sig,
  582. char *signame)
  583. {
  584. if (kwb_sign(key, data, datasz, sig, signame) < 0)
  585. return -1;
  586. if (kwb_verify(key, data, datasz, sig, signame) < 0)
  587. return -1;
  588. return 0;
  589. }
  590. int kwb_dump_fuse_cmds_38x(FILE *out, struct secure_hdr_v1 *sec_hdr)
  591. {
  592. struct hash_v1 kak_pub_hash;
  593. struct image_cfg_element *e;
  594. unsigned int fuse_line;
  595. int i, idx;
  596. uint8_t *ptr;
  597. uint32_t val;
  598. int ret = 0;
  599. if (!out || !sec_hdr)
  600. return -EINVAL;
  601. ret = kwb_compute_pubkey_hash(&sec_hdr->kak, &kak_pub_hash);
  602. if (ret < 0)
  603. goto done;
  604. fprintf(out, "# burn KAK pub key hash\n");
  605. ptr = kak_pub_hash.hash;
  606. for (fuse_line = 26; fuse_line <= 30; ++fuse_line) {
  607. fprintf(out, "fuse prog -y %u 0 ", fuse_line);
  608. for (i = 4; i-- > 0;)
  609. fprintf(out, "%02hx", (ushort)ptr[i]);
  610. ptr += 4;
  611. fprintf(out, " 00");
  612. if (fuse_line < 30) {
  613. for (i = 3; i-- > 0;)
  614. fprintf(out, "%02hx", (ushort)ptr[i]);
  615. ptr += 3;
  616. } else {
  617. fprintf(out, "000000");
  618. }
  619. fprintf(out, " 1\n");
  620. }
  621. fprintf(out, "# burn CSK selection\n");
  622. idx = image_get_csk_index();
  623. if (idx < 0 || idx > 15) {
  624. ret = -EINVAL;
  625. goto done;
  626. }
  627. if (idx > 0) {
  628. for (fuse_line = 31; fuse_line < 31 + idx; ++fuse_line)
  629. fprintf(out, "fuse prog -y %u 0 00000001 00000000 1\n",
  630. fuse_line);
  631. } else {
  632. fprintf(out, "# CSK index is 0; no mods needed\n");
  633. }
  634. e = image_find_option(IMAGE_CFG_BOX_ID);
  635. if (e) {
  636. fprintf(out, "# set box ID\n");
  637. fprintf(out, "fuse prog -y 48 0 %08x 00000000 1\n", e->boxid);
  638. }
  639. e = image_find_option(IMAGE_CFG_FLASH_ID);
  640. if (e) {
  641. fprintf(out, "# set flash ID\n");
  642. fprintf(out, "fuse prog -y 47 0 %08x 00000000 1\n", e->flashid);
  643. }
  644. fprintf(out, "# enable secure mode ");
  645. fprintf(out, "(must be the last fuse line written)\n");
  646. val = 1;
  647. e = image_find_option(IMAGE_CFG_SEC_BOOT_DEV);
  648. if (!e) {
  649. fprintf(stderr, "ERROR: secured mode boot device not given\n");
  650. ret = -EINVAL;
  651. goto done;
  652. }
  653. if (e->sec_boot_dev > 0xff) {
  654. fprintf(stderr, "ERROR: secured mode boot device invalid\n");
  655. ret = -EINVAL;
  656. goto done;
  657. }
  658. val |= (e->sec_boot_dev << 8);
  659. fprintf(out, "fuse prog -y 24 0 %08x 0103e0a9 1\n", val);
  660. fprintf(out, "# lock (unused) fuse lines (0-23)s\n");
  661. for (fuse_line = 0; fuse_line < 24; ++fuse_line)
  662. fprintf(out, "fuse prog -y %u 2 1\n", fuse_line);
  663. fprintf(out, "# OK, that's all :-)\n");
  664. done:
  665. return ret;
  666. }
  667. static int kwb_dump_fuse_cmds(struct secure_hdr_v1 *sec_hdr)
  668. {
  669. int ret = 0;
  670. struct image_cfg_element *e;
  671. e = image_find_option(IMAGE_CFG_SEC_FUSE_DUMP);
  672. if (!e)
  673. return 0;
  674. if (!strcmp(e->name, "a38x")) {
  675. FILE *out = fopen("kwb_fuses_a38x.txt", "w+");
  676. kwb_dump_fuse_cmds_38x(out, sec_hdr);
  677. fclose(out);
  678. goto done;
  679. }
  680. ret = -ENOSYS;
  681. done:
  682. return ret;
  683. }
  684. #endif
  685. static void *image_create_v0(size_t *imagesz, struct image_tool_params *params,
  686. int payloadsz)
  687. {
  688. struct image_cfg_element *e;
  689. size_t headersz;
  690. struct main_hdr_v0 *main_hdr;
  691. uint8_t *image;
  692. int has_ext = 0;
  693. /*
  694. * Calculate the size of the header and the size of the
  695. * payload
  696. */
  697. headersz = sizeof(struct main_hdr_v0);
  698. if (image_count_options(IMAGE_CFG_DATA) > 0) {
  699. has_ext = 1;
  700. headersz += sizeof(struct ext_hdr_v0);
  701. }
  702. if (image_count_options(IMAGE_CFG_PAYLOAD) > 1) {
  703. fprintf(stderr, "More than one payload, not possible\n");
  704. return NULL;
  705. }
  706. image = malloc(headersz);
  707. if (!image) {
  708. fprintf(stderr, "Cannot allocate memory for image\n");
  709. return NULL;
  710. }
  711. memset(image, 0, headersz);
  712. main_hdr = (struct main_hdr_v0 *)image;
  713. /* Fill in the main header */
  714. main_hdr->blocksize =
  715. cpu_to_le32(payloadsz + sizeof(uint32_t) - headersz);
  716. main_hdr->srcaddr = cpu_to_le32(headersz);
  717. main_hdr->ext = has_ext;
  718. main_hdr->destaddr = cpu_to_le32(params->addr);
  719. main_hdr->execaddr = cpu_to_le32(params->ep);
  720. e = image_find_option(IMAGE_CFG_BOOT_FROM);
  721. if (e)
  722. main_hdr->blockid = e->bootfrom;
  723. e = image_find_option(IMAGE_CFG_NAND_ECC_MODE);
  724. if (e)
  725. main_hdr->nandeccmode = e->nandeccmode;
  726. e = image_find_option(IMAGE_CFG_NAND_PAGESZ);
  727. if (e)
  728. main_hdr->nandpagesize = cpu_to_le16(e->nandpagesz);
  729. main_hdr->checksum = image_checksum8(image,
  730. sizeof(struct main_hdr_v0));
  731. /* Generate the ext header */
  732. if (has_ext) {
  733. struct ext_hdr_v0 *ext_hdr;
  734. int cfgi, datai;
  735. ext_hdr = (struct ext_hdr_v0 *)
  736. (image + sizeof(struct main_hdr_v0));
  737. ext_hdr->offset = cpu_to_le32(0x40);
  738. for (cfgi = 0, datai = 0; cfgi < cfgn; cfgi++) {
  739. e = &image_cfg[cfgi];
  740. if (e->type != IMAGE_CFG_DATA)
  741. continue;
  742. ext_hdr->rcfg[datai].raddr =
  743. cpu_to_le32(e->regdata.raddr);
  744. ext_hdr->rcfg[datai].rdata =
  745. cpu_to_le32(e->regdata.rdata);
  746. datai++;
  747. }
  748. ext_hdr->checksum = image_checksum8(ext_hdr,
  749. sizeof(struct ext_hdr_v0));
  750. }
  751. *imagesz = headersz;
  752. return image;
  753. }
  754. static size_t image_headersz_v1(int *hasext)
  755. {
  756. struct image_cfg_element *binarye;
  757. size_t headersz;
  758. /*
  759. * Calculate the size of the header and the size of the
  760. * payload
  761. */
  762. headersz = sizeof(struct main_hdr_v1);
  763. if (image_count_options(IMAGE_CFG_BINARY) > 1) {
  764. fprintf(stderr, "More than one binary blob, not supported\n");
  765. return 0;
  766. }
  767. if (image_count_options(IMAGE_CFG_PAYLOAD) > 1) {
  768. fprintf(stderr, "More than one payload, not possible\n");
  769. return 0;
  770. }
  771. binarye = image_find_option(IMAGE_CFG_BINARY);
  772. if (binarye) {
  773. int ret;
  774. struct stat s;
  775. ret = stat(binarye->binary.file, &s);
  776. if (ret < 0) {
  777. char cwd[PATH_MAX];
  778. char *dir = cwd;
  779. memset(cwd, 0, sizeof(cwd));
  780. if (!getcwd(cwd, sizeof(cwd))) {
  781. dir = "current working directory";
  782. perror("getcwd() failed");
  783. }
  784. fprintf(stderr,
  785. "Didn't find the file '%s' in '%s' which is mandatory to generate the image\n"
  786. "This file generally contains the DDR3 training code, and should be extracted from an existing bootable\n"
  787. "image for your board. See 'kwbimage -x' to extract it from an existing image.\n",
  788. binarye->binary.file, dir);
  789. return 0;
  790. }
  791. headersz += sizeof(struct opt_hdr_v1) +
  792. s.st_size +
  793. (binarye->binary.nargs + 2) * sizeof(uint32_t);
  794. if (hasext)
  795. *hasext = 1;
  796. }
  797. #if defined(CONFIG_KWB_SECURE)
  798. if (image_get_csk_index() >= 0) {
  799. headersz += sizeof(struct secure_hdr_v1);
  800. if (hasext)
  801. *hasext = 1;
  802. }
  803. #endif
  804. #if defined(CONFIG_SYS_U_BOOT_OFFS)
  805. if (headersz > CONFIG_SYS_U_BOOT_OFFS) {
  806. fprintf(stderr,
  807. "Error: Image header (incl. SPL image) too big!\n");
  808. fprintf(stderr, "header=0x%x CONFIG_SYS_U_BOOT_OFFS=0x%x!\n",
  809. (int)headersz, CONFIG_SYS_U_BOOT_OFFS);
  810. fprintf(stderr, "Increase CONFIG_SYS_U_BOOT_OFFS!\n");
  811. return 0;
  812. }
  813. headersz = CONFIG_SYS_U_BOOT_OFFS;
  814. #endif
  815. /*
  816. * The payload should be aligned on some reasonable
  817. * boundary
  818. */
  819. return ALIGN_SUP(headersz, 4096);
  820. }
  821. int add_binary_header_v1(uint8_t *cur)
  822. {
  823. struct image_cfg_element *binarye;
  824. struct opt_hdr_v1 *hdr = (struct opt_hdr_v1 *)cur;
  825. uint32_t *args;
  826. size_t binhdrsz;
  827. struct stat s;
  828. int argi;
  829. FILE *bin;
  830. int ret;
  831. binarye = image_find_option(IMAGE_CFG_BINARY);
  832. if (!binarye)
  833. return 0;
  834. hdr->headertype = OPT_HDR_V1_BINARY_TYPE;
  835. bin = fopen(binarye->binary.file, "r");
  836. if (!bin) {
  837. fprintf(stderr, "Cannot open binary file %s\n",
  838. binarye->binary.file);
  839. return -1;
  840. }
  841. if (fstat(fileno(bin), &s)) {
  842. fprintf(stderr, "Cannot stat binary file %s\n",
  843. binarye->binary.file);
  844. goto err_close;
  845. }
  846. binhdrsz = sizeof(struct opt_hdr_v1) +
  847. (binarye->binary.nargs + 2) * sizeof(uint32_t) +
  848. s.st_size;
  849. /*
  850. * The size includes the binary image size, rounded
  851. * up to a 4-byte boundary. Plus 4 bytes for the
  852. * next-header byte and 3-byte alignment at the end.
  853. */
  854. binhdrsz = ALIGN_SUP(binhdrsz, 4) + 4;
  855. hdr->headersz_lsb = cpu_to_le16(binhdrsz & 0xFFFF);
  856. hdr->headersz_msb = (binhdrsz & 0xFFFF0000) >> 16;
  857. cur += sizeof(struct opt_hdr_v1);
  858. args = (uint32_t *)cur;
  859. *args = cpu_to_le32(binarye->binary.nargs);
  860. args++;
  861. for (argi = 0; argi < binarye->binary.nargs; argi++)
  862. args[argi] = cpu_to_le32(binarye->binary.args[argi]);
  863. cur += (binarye->binary.nargs + 1) * sizeof(uint32_t);
  864. ret = fread(cur, s.st_size, 1, bin);
  865. if (ret != 1) {
  866. fprintf(stderr,
  867. "Could not read binary image %s\n",
  868. binarye->binary.file);
  869. goto err_close;
  870. }
  871. fclose(bin);
  872. cur += ALIGN_SUP(s.st_size, 4);
  873. /*
  874. * For now, we don't support more than one binary
  875. * header, and no other header types are
  876. * supported. So, the binary header is necessarily the
  877. * last one
  878. */
  879. *((uint32_t *)cur) = 0x00000000;
  880. cur += sizeof(uint32_t);
  881. return 0;
  882. err_close:
  883. fclose(bin);
  884. return -1;
  885. }
  886. #if defined(CONFIG_KWB_SECURE)
  887. int export_pub_kak_hash(RSA *kak, struct secure_hdr_v1 *secure_hdr)
  888. {
  889. FILE *hashf;
  890. int res;
  891. hashf = fopen("pub_kak_hash.txt", "w");
  892. res = kwb_export_pubkey(kak, &secure_hdr->kak, hashf, "KAK");
  893. fclose(hashf);
  894. return res < 0 ? 1 : 0;
  895. }
  896. int kwb_sign_csk_with_kak(struct image_tool_params *params,
  897. struct secure_hdr_v1 *secure_hdr, RSA *csk)
  898. {
  899. RSA *kak = NULL;
  900. RSA *kak_pub = NULL;
  901. int csk_idx = image_get_csk_index();
  902. struct sig_v1 tmp_sig;
  903. if (csk_idx >= 16) {
  904. fprintf(stderr, "Invalid CSK index %d\n", csk_idx);
  905. return 1;
  906. }
  907. if (kwb_load_kak(params, &kak) < 0)
  908. return 1;
  909. if (export_pub_kak_hash(kak, secure_hdr))
  910. return 1;
  911. if (kwb_import_pubkey(&kak_pub, &secure_hdr->kak, "KAK") < 0)
  912. return 1;
  913. if (kwb_export_pubkey(csk, &secure_hdr->csk[csk_idx], NULL, "CSK") < 0)
  914. return 1;
  915. if (kwb_sign_and_verify(kak, &secure_hdr->csk,
  916. sizeof(secure_hdr->csk) +
  917. sizeof(secure_hdr->csksig),
  918. &tmp_sig, "CSK") < 0)
  919. return 1;
  920. if (kwb_verify(kak_pub, &secure_hdr->csk,
  921. sizeof(secure_hdr->csk) +
  922. sizeof(secure_hdr->csksig),
  923. &tmp_sig, "CSK (2)") < 0)
  924. return 1;
  925. secure_hdr->csksig = tmp_sig;
  926. return 0;
  927. }
  928. int add_secure_header_v1(struct image_tool_params *params, uint8_t *ptr,
  929. int payloadsz, size_t headersz, uint8_t *image,
  930. struct secure_hdr_v1 *secure_hdr)
  931. {
  932. struct image_cfg_element *e_jtagdelay;
  933. struct image_cfg_element *e_boxid;
  934. struct image_cfg_element *e_flashid;
  935. RSA *csk = NULL;
  936. unsigned char *image_ptr;
  937. size_t image_size;
  938. struct sig_v1 tmp_sig;
  939. bool specialized_img = image_get_spezialized_img();
  940. kwb_msg("Create secure header content\n");
  941. e_jtagdelay = image_find_option(IMAGE_CFG_JTAG_DELAY);
  942. e_boxid = image_find_option(IMAGE_CFG_BOX_ID);
  943. e_flashid = image_find_option(IMAGE_CFG_FLASH_ID);
  944. if (kwb_load_csk(params, &csk) < 0)
  945. return 1;
  946. secure_hdr->headertype = OPT_HDR_V1_SECURE_TYPE;
  947. secure_hdr->headersz_msb = 0;
  948. secure_hdr->headersz_lsb = cpu_to_le16(sizeof(struct secure_hdr_v1));
  949. if (e_jtagdelay)
  950. secure_hdr->jtag_delay = e_jtagdelay->jtag_delay;
  951. if (e_boxid && specialized_img)
  952. secure_hdr->boxid = cpu_to_le32(e_boxid->boxid);
  953. if (e_flashid && specialized_img)
  954. secure_hdr->flashid = cpu_to_le32(e_flashid->flashid);
  955. if (kwb_sign_csk_with_kak(params, secure_hdr, csk))
  956. return 1;
  957. image_ptr = ptr + headersz;
  958. image_size = payloadsz - headersz;
  959. if (kwb_sign_and_verify(csk, image_ptr, image_size,
  960. &secure_hdr->imgsig, "image") < 0)
  961. return 1;
  962. if (kwb_sign_and_verify(csk, image, headersz, &tmp_sig, "header") < 0)
  963. return 1;
  964. secure_hdr->hdrsig = tmp_sig;
  965. kwb_dump_fuse_cmds(secure_hdr);
  966. return 0;
  967. }
  968. #endif
  969. static void *image_create_v1(size_t *imagesz, struct image_tool_params *params,
  970. uint8_t *ptr, int payloadsz)
  971. {
  972. struct image_cfg_element *e;
  973. struct main_hdr_v1 *main_hdr;
  974. #if defined(CONFIG_KWB_SECURE)
  975. struct secure_hdr_v1 *secure_hdr = NULL;
  976. #endif
  977. size_t headersz;
  978. uint8_t *image, *cur;
  979. int hasext = 0;
  980. uint8_t *next_ext = NULL;
  981. /*
  982. * Calculate the size of the header and the size of the
  983. * payload
  984. */
  985. headersz = image_headersz_v1(&hasext);
  986. if (headersz == 0)
  987. return NULL;
  988. image = malloc(headersz);
  989. if (!image) {
  990. fprintf(stderr, "Cannot allocate memory for image\n");
  991. return NULL;
  992. }
  993. memset(image, 0, headersz);
  994. main_hdr = (struct main_hdr_v1 *)image;
  995. cur = image;
  996. cur += sizeof(struct main_hdr_v1);
  997. next_ext = &main_hdr->ext;
  998. /* Fill the main header */
  999. main_hdr->blocksize =
  1000. cpu_to_le32(payloadsz - headersz + sizeof(uint32_t));
  1001. main_hdr->headersz_lsb = cpu_to_le16(headersz & 0xFFFF);
  1002. main_hdr->headersz_msb = (headersz & 0xFFFF0000) >> 16;
  1003. main_hdr->destaddr = cpu_to_le32(params->addr)
  1004. - sizeof(image_header_t);
  1005. main_hdr->execaddr = cpu_to_le32(params->ep);
  1006. main_hdr->srcaddr = cpu_to_le32(headersz);
  1007. main_hdr->ext = hasext;
  1008. main_hdr->version = 1;
  1009. e = image_find_option(IMAGE_CFG_BOOT_FROM);
  1010. if (e)
  1011. main_hdr->blockid = e->bootfrom;
  1012. e = image_find_option(IMAGE_CFG_NAND_BLKSZ);
  1013. if (e)
  1014. main_hdr->nandblocksize = e->nandblksz / (64 * 1024);
  1015. e = image_find_option(IMAGE_CFG_NAND_BADBLK_LOCATION);
  1016. if (e)
  1017. main_hdr->nandbadblklocation = e->nandbadblklocation;
  1018. e = image_find_option(IMAGE_CFG_BAUDRATE);
  1019. if (e)
  1020. main_hdr->options = baudrate_to_option(e->baudrate);
  1021. e = image_find_option(IMAGE_CFG_DEBUG);
  1022. if (e)
  1023. main_hdr->flags = e->debug ? 0x1 : 0;
  1024. #if defined(CONFIG_KWB_SECURE)
  1025. if (image_get_csk_index() >= 0) {
  1026. /*
  1027. * only reserve the space here; we fill the header later since
  1028. * we need the header to be complete to compute the signatures
  1029. */
  1030. secure_hdr = (struct secure_hdr_v1 *)cur;
  1031. cur += sizeof(struct secure_hdr_v1);
  1032. next_ext = &secure_hdr->next;
  1033. }
  1034. #endif
  1035. *next_ext = 1;
  1036. if (add_binary_header_v1(cur))
  1037. return NULL;
  1038. #if defined(CONFIG_KWB_SECURE)
  1039. if (secure_hdr && add_secure_header_v1(params, ptr, payloadsz,
  1040. headersz, image, secure_hdr))
  1041. return NULL;
  1042. #endif
  1043. /* Calculate and set the header checksum */
  1044. main_hdr->checksum = image_checksum8(main_hdr, headersz);
  1045. *imagesz = headersz;
  1046. return image;
  1047. }
  1048. int recognize_keyword(char *keyword)
  1049. {
  1050. int kw_id;
  1051. for (kw_id = 1; kw_id < IMAGE_CFG_COUNT; ++kw_id)
  1052. if (!strcmp(keyword, id_strs[kw_id]))
  1053. return kw_id;
  1054. return 0;
  1055. }
  1056. static int image_create_config_parse_oneline(char *line,
  1057. struct image_cfg_element *el)
  1058. {
  1059. char *keyword, *saveptr, *value1, *value2;
  1060. char delimiters[] = " \t";
  1061. int keyword_id, ret, argi;
  1062. char *unknown_msg = "Ignoring unknown line '%s'\n";
  1063. keyword = strtok_r(line, delimiters, &saveptr);
  1064. keyword_id = recognize_keyword(keyword);
  1065. if (!keyword_id) {
  1066. fprintf(stderr, unknown_msg, line);
  1067. return 0;
  1068. }
  1069. el->type = keyword_id;
  1070. value1 = strtok_r(NULL, delimiters, &saveptr);
  1071. if (!value1) {
  1072. fprintf(stderr, "Parameter missing in line '%s'\n", line);
  1073. return -1;
  1074. }
  1075. switch (keyword_id) {
  1076. case IMAGE_CFG_VERSION:
  1077. el->version = atoi(value1);
  1078. break;
  1079. case IMAGE_CFG_BOOT_FROM:
  1080. ret = image_boot_mode_id(value1);
  1081. if (ret < 0) {
  1082. fprintf(stderr, "Invalid boot media '%s'\n", value1);
  1083. return -1;
  1084. }
  1085. el->bootfrom = ret;
  1086. break;
  1087. case IMAGE_CFG_NAND_BLKSZ:
  1088. el->nandblksz = strtoul(value1, NULL, 16);
  1089. break;
  1090. case IMAGE_CFG_NAND_BADBLK_LOCATION:
  1091. el->nandbadblklocation = strtoul(value1, NULL, 16);
  1092. break;
  1093. case IMAGE_CFG_NAND_ECC_MODE:
  1094. ret = image_nand_ecc_mode_id(value1);
  1095. if (ret < 0) {
  1096. fprintf(stderr, "Invalid NAND ECC mode '%s'\n", value1);
  1097. return -1;
  1098. }
  1099. el->nandeccmode = ret;
  1100. break;
  1101. case IMAGE_CFG_NAND_PAGESZ:
  1102. el->nandpagesz = strtoul(value1, NULL, 16);
  1103. break;
  1104. case IMAGE_CFG_BINARY:
  1105. argi = 0;
  1106. el->binary.file = strdup(value1);
  1107. while (1) {
  1108. char *value = strtok_r(NULL, delimiters, &saveptr);
  1109. if (!value)
  1110. break;
  1111. el->binary.args[argi] = strtoul(value, NULL, 16);
  1112. argi++;
  1113. if (argi >= BINARY_MAX_ARGS) {
  1114. fprintf(stderr,
  1115. "Too many arguments for BINARY\n");
  1116. return -1;
  1117. }
  1118. }
  1119. el->binary.nargs = argi;
  1120. break;
  1121. case IMAGE_CFG_DATA:
  1122. value2 = strtok_r(NULL, delimiters, &saveptr);
  1123. if (!value1 || !value2) {
  1124. fprintf(stderr,
  1125. "Invalid number of arguments for DATA\n");
  1126. return -1;
  1127. }
  1128. el->regdata.raddr = strtoul(value1, NULL, 16);
  1129. el->regdata.rdata = strtoul(value2, NULL, 16);
  1130. break;
  1131. case IMAGE_CFG_BAUDRATE:
  1132. el->baudrate = strtoul(value1, NULL, 10);
  1133. break;
  1134. case IMAGE_CFG_DEBUG:
  1135. el->debug = strtoul(value1, NULL, 10);
  1136. break;
  1137. case IMAGE_CFG_KAK:
  1138. el->key_name = strdup(value1);
  1139. break;
  1140. case IMAGE_CFG_CSK:
  1141. el->key_name = strdup(value1);
  1142. break;
  1143. case IMAGE_CFG_CSK_INDEX:
  1144. el->csk_idx = strtol(value1, NULL, 0);
  1145. break;
  1146. case IMAGE_CFG_JTAG_DELAY:
  1147. el->jtag_delay = strtoul(value1, NULL, 0);
  1148. break;
  1149. case IMAGE_CFG_BOX_ID:
  1150. el->boxid = strtoul(value1, NULL, 0);
  1151. break;
  1152. case IMAGE_CFG_FLASH_ID:
  1153. el->flashid = strtoul(value1, NULL, 0);
  1154. break;
  1155. case IMAGE_CFG_SEC_SPECIALIZED_IMG:
  1156. el->sec_specialized_img = true;
  1157. break;
  1158. case IMAGE_CFG_SEC_COMMON_IMG:
  1159. el->sec_specialized_img = false;
  1160. break;
  1161. case IMAGE_CFG_SEC_BOOT_DEV:
  1162. el->sec_boot_dev = strtoul(value1, NULL, 0);
  1163. break;
  1164. case IMAGE_CFG_SEC_FUSE_DUMP:
  1165. el->name = strdup(value1);
  1166. break;
  1167. default:
  1168. fprintf(stderr, unknown_msg, line);
  1169. }
  1170. return 0;
  1171. }
  1172. /*
  1173. * Parse the configuration file 'fcfg' into the array of configuration
  1174. * elements 'image_cfg', and return the number of configuration
  1175. * elements in 'cfgn'.
  1176. */
  1177. static int image_create_config_parse(FILE *fcfg)
  1178. {
  1179. int ret;
  1180. int cfgi = 0;
  1181. /* Parse the configuration file */
  1182. while (!feof(fcfg)) {
  1183. char *line;
  1184. char buf[256];
  1185. /* Read the current line */
  1186. memset(buf, 0, sizeof(buf));
  1187. line = fgets(buf, sizeof(buf), fcfg);
  1188. if (!line)
  1189. break;
  1190. /* Ignore useless lines */
  1191. if (line[0] == '\n' || line[0] == '#')
  1192. continue;
  1193. /* Strip final newline */
  1194. if (line[strlen(line) - 1] == '\n')
  1195. line[strlen(line) - 1] = 0;
  1196. /* Parse the current line */
  1197. ret = image_create_config_parse_oneline(line,
  1198. &image_cfg[cfgi]);
  1199. if (ret)
  1200. return ret;
  1201. cfgi++;
  1202. if (cfgi >= IMAGE_CFG_ELEMENT_MAX) {
  1203. fprintf(stderr,
  1204. "Too many configuration elements in .cfg file\n");
  1205. return -1;
  1206. }
  1207. }
  1208. cfgn = cfgi;
  1209. return 0;
  1210. }
  1211. static int image_get_version(void)
  1212. {
  1213. struct image_cfg_element *e;
  1214. e = image_find_option(IMAGE_CFG_VERSION);
  1215. if (!e)
  1216. return -1;
  1217. return e->version;
  1218. }
  1219. static void kwbimage_set_header(void *ptr, struct stat *sbuf, int ifd,
  1220. struct image_tool_params *params)
  1221. {
  1222. FILE *fcfg;
  1223. void *image = NULL;
  1224. int version;
  1225. size_t headersz = 0;
  1226. uint32_t checksum;
  1227. int ret;
  1228. int size;
  1229. fcfg = fopen(params->imagename, "r");
  1230. if (!fcfg) {
  1231. fprintf(stderr, "Could not open input file %s\n",
  1232. params->imagename);
  1233. exit(EXIT_FAILURE);
  1234. }
  1235. image_cfg = malloc(IMAGE_CFG_ELEMENT_MAX *
  1236. sizeof(struct image_cfg_element));
  1237. if (!image_cfg) {
  1238. fprintf(stderr, "Cannot allocate memory\n");
  1239. fclose(fcfg);
  1240. exit(EXIT_FAILURE);
  1241. }
  1242. memset(image_cfg, 0,
  1243. IMAGE_CFG_ELEMENT_MAX * sizeof(struct image_cfg_element));
  1244. rewind(fcfg);
  1245. ret = image_create_config_parse(fcfg);
  1246. fclose(fcfg);
  1247. if (ret) {
  1248. free(image_cfg);
  1249. exit(EXIT_FAILURE);
  1250. }
  1251. /* The MVEBU BootROM does not allow non word aligned payloads */
  1252. sbuf->st_size = ALIGN_SUP(sbuf->st_size, 4);
  1253. version = image_get_version();
  1254. switch (version) {
  1255. /*
  1256. * Fallback to version 0 if no version is provided in the
  1257. * cfg file
  1258. */
  1259. case -1:
  1260. case 0:
  1261. image = image_create_v0(&headersz, params, sbuf->st_size);
  1262. break;
  1263. case 1:
  1264. image = image_create_v1(&headersz, params, ptr, sbuf->st_size);
  1265. break;
  1266. default:
  1267. fprintf(stderr, "Unsupported version %d\n", version);
  1268. free(image_cfg);
  1269. exit(EXIT_FAILURE);
  1270. }
  1271. if (!image) {
  1272. fprintf(stderr, "Could not create image\n");
  1273. free(image_cfg);
  1274. exit(EXIT_FAILURE);
  1275. }
  1276. free(image_cfg);
  1277. /* Build and add image checksum header */
  1278. checksum =
  1279. cpu_to_le32(image_checksum32((uint32_t *)ptr, sbuf->st_size));
  1280. size = write(ifd, &checksum, sizeof(uint32_t));
  1281. if (size != sizeof(uint32_t)) {
  1282. fprintf(stderr, "Error:%s - Checksum write %d bytes %s\n",
  1283. params->cmdname, size, params->imagefile);
  1284. exit(EXIT_FAILURE);
  1285. }
  1286. sbuf->st_size += sizeof(uint32_t);
  1287. /* Finally copy the header into the image area */
  1288. memcpy(ptr, image, headersz);
  1289. free(image);
  1290. }
  1291. static void kwbimage_print_header(const void *ptr)
  1292. {
  1293. struct main_hdr_v0 *mhdr = (struct main_hdr_v0 *)ptr;
  1294. printf("Image Type: MVEBU Boot from %s Image\n",
  1295. image_boot_mode_name(mhdr->blockid));
  1296. printf("Image version:%d\n", image_version((void *)ptr));
  1297. printf("Data Size: ");
  1298. genimg_print_size(mhdr->blocksize - sizeof(uint32_t));
  1299. printf("Load Address: %08x\n", mhdr->destaddr);
  1300. printf("Entry Point: %08x\n", mhdr->execaddr);
  1301. }
  1302. static int kwbimage_check_image_types(uint8_t type)
  1303. {
  1304. if (type == IH_TYPE_KWBIMAGE)
  1305. return EXIT_SUCCESS;
  1306. return EXIT_FAILURE;
  1307. }
  1308. static int kwbimage_verify_header(unsigned char *ptr, int image_size,
  1309. struct image_tool_params *params)
  1310. {
  1311. struct main_hdr_v0 *main_hdr;
  1312. uint8_t checksum;
  1313. main_hdr = (struct main_hdr_v0 *)ptr;
  1314. checksum = image_checksum8(ptr,
  1315. sizeof(struct main_hdr_v0)
  1316. - sizeof(uint8_t));
  1317. if (checksum != main_hdr->checksum)
  1318. return -FDT_ERR_BADSTRUCTURE;
  1319. /* Only version 0 extended header has checksum */
  1320. if (image_version((void *)ptr) == 0) {
  1321. struct ext_hdr_v0 *ext_hdr;
  1322. ext_hdr = (struct ext_hdr_v0 *)
  1323. (ptr + sizeof(struct main_hdr_v0));
  1324. checksum = image_checksum8(ext_hdr,
  1325. sizeof(struct ext_hdr_v0)
  1326. - sizeof(uint8_t));
  1327. if (checksum != ext_hdr->checksum)
  1328. return -FDT_ERR_BADSTRUCTURE;
  1329. }
  1330. return 0;
  1331. }
  1332. static int kwbimage_generate(struct image_tool_params *params,
  1333. struct image_type_params *tparams)
  1334. {
  1335. FILE *fcfg;
  1336. int alloc_len;
  1337. int version;
  1338. void *hdr;
  1339. int ret;
  1340. fcfg = fopen(params->imagename, "r");
  1341. if (!fcfg) {
  1342. fprintf(stderr, "Could not open input file %s\n",
  1343. params->imagename);
  1344. exit(EXIT_FAILURE);
  1345. }
  1346. image_cfg = malloc(IMAGE_CFG_ELEMENT_MAX *
  1347. sizeof(struct image_cfg_element));
  1348. if (!image_cfg) {
  1349. fprintf(stderr, "Cannot allocate memory\n");
  1350. fclose(fcfg);
  1351. exit(EXIT_FAILURE);
  1352. }
  1353. memset(image_cfg, 0,
  1354. IMAGE_CFG_ELEMENT_MAX * sizeof(struct image_cfg_element));
  1355. rewind(fcfg);
  1356. ret = image_create_config_parse(fcfg);
  1357. fclose(fcfg);
  1358. if (ret) {
  1359. free(image_cfg);
  1360. exit(EXIT_FAILURE);
  1361. }
  1362. version = image_get_version();
  1363. switch (version) {
  1364. /*
  1365. * Fallback to version 0 if no version is provided in the
  1366. * cfg file
  1367. */
  1368. case -1:
  1369. case 0:
  1370. alloc_len = sizeof(struct main_hdr_v0) +
  1371. sizeof(struct ext_hdr_v0);
  1372. break;
  1373. case 1:
  1374. alloc_len = image_headersz_v1(NULL);
  1375. break;
  1376. default:
  1377. fprintf(stderr, "Unsupported version %d\n", version);
  1378. free(image_cfg);
  1379. exit(EXIT_FAILURE);
  1380. }
  1381. free(image_cfg);
  1382. hdr = malloc(alloc_len);
  1383. if (!hdr) {
  1384. fprintf(stderr, "%s: malloc return failure: %s\n",
  1385. params->cmdname, strerror(errno));
  1386. exit(EXIT_FAILURE);
  1387. }
  1388. memset(hdr, 0, alloc_len);
  1389. tparams->header_size = alloc_len;
  1390. tparams->hdr = hdr;
  1391. /*
  1392. * The resulting image needs to be 4-byte aligned. At least
  1393. * the Marvell hdrparser tool complains if its unaligned.
  1394. * By returning 1 here in this function, called via
  1395. * tparams->vrec_header() in mkimage.c, mkimage will
  1396. * automatically pad the the resulting image to a 4-byte
  1397. * size if necessary.
  1398. */
  1399. return 1;
  1400. }
  1401. /*
  1402. * Report Error if xflag is set in addition to default
  1403. */
  1404. static int kwbimage_check_params(struct image_tool_params *params)
  1405. {
  1406. if (!strlen(params->imagename)) {
  1407. char *msg = "Configuration file for kwbimage creation omitted";
  1408. fprintf(stderr, "Error:%s - %s\n", params->cmdname, msg);
  1409. return CFG_INVALID;
  1410. }
  1411. return (params->dflag && (params->fflag || params->lflag)) ||
  1412. (params->fflag && (params->dflag || params->lflag)) ||
  1413. (params->lflag && (params->dflag || params->fflag)) ||
  1414. (params->xflag) || !(strlen(params->imagename));
  1415. }
  1416. /*
  1417. * kwbimage type parameters definition
  1418. */
  1419. U_BOOT_IMAGE_TYPE(
  1420. kwbimage,
  1421. "Marvell MVEBU Boot Image support",
  1422. 0,
  1423. NULL,
  1424. kwbimage_check_params,
  1425. kwbimage_verify_header,
  1426. kwbimage_print_header,
  1427. kwbimage_set_header,
  1428. NULL,
  1429. kwbimage_check_image_types,
  1430. NULL,
  1431. kwbimage_generate
  1432. );