Merge branch '2021-01-22-tool-updates'

- Assorted updates to the tools/ code
2025-06-23 07:01:38 +00:00 · 2021-01-23 09:55:35 -05:00 · 2021-01-23 09:55:35 -05:00 · 757cec3a03
commit 757cec3a03
parent b577bc1c5f 09779488a9
6 changed files with 114 additions and 86 deletions
--- a/common/image-fit-sig.c
+++ b/common/image-fit-sig.c
@ -19,20 +19,6 @@ DECLARE_GLOBAL_DATA_PTR;

 #define IMAGE_MAX_HASHED_NODES		100

-#ifdef USE_HOSTCC
-void *host_blob;
-
-void image_set_host_blob(void *blob)
-{
-	host_blob = blob;
-}
-
-void *image_get_host_blob(void)
-{
-	return host_blob;
-}
-#endif
-
 /**
 * fit_region_make_list() - Make a list of image regions
 *
--- a/common/image-fit.c
+++ b/common/image-fit.c
@ -112,6 +112,21 @@ int fit_parse_subimage(const char *spec, ulong addr_curr,
 }
 #endif /* !USE_HOSTCC */

+#ifdef USE_HOSTCC
+/* Host tools use these implementations for Cipher and Signature support */
+static void *host_blob;
+
+void image_set_host_blob(void *blob)
+{
+	host_blob = blob;
+}
+
+void *image_get_host_blob(void)
+{
+	return host_blob;
+}
+#endif /* USE_HOSTCC */
+
 static void fit_get_debug(const void *fit, int noffset,
 		char *prop_name, int err)
 {
--- a/tools/Makefile
+++ b/tools/Makefile
@ -155,7 +155,7 @@ HOSTCFLAGS_kwbimage.o += -DCONFIG_KWB_SECURE
 endif

 # MXSImage needs LibSSL
-ifneq ($(CONFIG_MX23)$(CONFIG_MX28)$(CONFIG_ARMADA_38X)$(CONFIG_ARMADA_39X)$(CONFIG_FIT_SIGNATURE),)
+ifneq ($(CONFIG_MX23)$(CONFIG_MX28)$(CONFIG_ARMADA_38X)$(CONFIG_ARMADA_39X)$(CONFIG_FIT_SIGNATURE)$(CONFIG_FIT_CIPHER),)
 HOSTCFLAGS_kwbimage.o += \
 	$(shell pkg-config --cflags libssl libcrypto 2> /dev/null || echo "")
 HOSTLDLIBS_mkimage += \
--- a/tools/env/fw_env.c
+++ b/tools/env/fw_env.c
@ -1208,7 +1208,7 @@ static int flash_write(int fd_current, int fd_target, int dev_target)

 	if (IS_UBI(dev_target)) {
 		if (ubi_update_start(fd_target, CUR_ENVSIZE) < 0)
-			return 0;
+			return -1;
 		return ubi_write(fd_target, environment.image, CUR_ENVSIZE);
 	}

--- a/tools/image-host.c
+++ b/tools/image-host.c
@ -700,13 +700,84 @@ static const char *fit_config_get_image_list(void *fit, int noffset,
 	return default_list;
 }

+static int fit_config_add_hash(void *fit, const char *conf_name, const char *sig_name,
+			       struct strlist *node_inc, const char *iname, int image_noffset)
+{
+	char name[200], path[200];
+	int noffset;
+	int hash_count;
+	int ret;
+
+	ret = fdt_get_path(fit, image_noffset, path, sizeof(path));
+	if (ret < 0)
+		goto err_path;
+	if (strlist_add(node_inc, path))
+		goto err_mem;
+
+	snprintf(name, sizeof(name), "%s/%s", FIT_CONFS_PATH,
+		 conf_name);
+
+	/* Add all this image's hashes */
+	hash_count = 0;
+	for (noffset = fdt_first_subnode(fit, image_noffset);
+	     noffset >= 0;
+	     noffset = fdt_next_subnode(fit, noffset)) {
+		const char *name = fit_get_name(fit, noffset, NULL);
+
+		if (strncmp(name, FIT_HASH_NODENAME,
+			    strlen(FIT_HASH_NODENAME)))
+			continue;
+		ret = fdt_get_path(fit, noffset, path, sizeof(path));
+		if (ret < 0)
+			goto err_path;
+		if (strlist_add(node_inc, path))
+			goto err_mem;
+		hash_count++;
+	}
+
+	if (!hash_count) {
+		printf("Failed to find any hash nodes in configuration '%s/%s' image '%s' - without these it is not possible to verify this image\n",
+		       conf_name, sig_name, iname);
+		return -ENOMSG;
+	}
+
+	/* Add this image's cipher node if present */
+	noffset = fdt_subnode_offset(fit, image_noffset,
+				     FIT_CIPHER_NODENAME);
+	if (noffset != -FDT_ERR_NOTFOUND) {
+		if (noffset < 0) {
+			printf("Failed to get cipher node in configuration '%s/%s' image '%s': %s\n",
+			       conf_name, sig_name, iname,
+			       fdt_strerror(noffset));
+			return -EIO;
+		}
+		ret = fdt_get_path(fit, noffset, path, sizeof(path));
+		if (ret < 0)
+			goto err_path;
+		if (strlist_add(node_inc, path))
+			goto err_mem;
+	}
+
+	return 0;
+
+err_mem:
+	printf("Out of memory processing configuration '%s/%s'\n", conf_name,
+	       sig_name);
+	return -ENOMEM;
+
+err_path:
+	printf("Failed to get path for image '%s' in configuration '%s/%s': %s\n",
+	       iname, conf_name, sig_name, fdt_strerror(ret));
+	return -ENOENT;
+}
+
 static int fit_config_get_hash_list(void *fit, int conf_noffset,
 				    int sig_offset, struct strlist *node_inc)
 {
 	int allow_missing;
 	const char *prop, *iname, *end;
 	const char *conf_name, *sig_name;
-	char name[200], path[200];
+	char name[200];
 	int image_count;
 	int ret, len;

@ -733,72 +804,32 @@ static int fit_config_get_hash_list(void *fit, int conf_noffset,
 	end = prop + len;
 	image_count = 0;
 	for (iname = prop; iname < end; iname += strlen(iname) + 1) {
-		int noffset;
 		int image_noffset;
-		int hash_count;
+		int index, max_index;

-		image_noffset = fit_conf_get_prop_node(fit, conf_noffset,
-						       iname);
-		if (image_noffset < 0) {
-			printf("Failed to find image '%s' in  configuration '%s/%s'\n",
-			       iname, conf_name, sig_name);
-			if (allow_missing)
-				continue;
+		max_index = fdt_stringlist_count(fit, conf_noffset, iname);

-			return -ENOENT;
-		}
+		for (index = 0; index < max_index; index++) {
+			image_noffset = fit_conf_get_prop_node_index(fit, conf_noffset,
+								     iname, index);

-		ret = fdt_get_path(fit, image_noffset, path, sizeof(path));
-		if (ret < 0)
-			goto err_path;
-		if (strlist_add(node_inc, path))
-			goto err_mem;
+			if (image_noffset < 0) {
+				printf("Failed to find image '%s' in  configuration '%s/%s'\n",
+				       iname, conf_name, sig_name);
+				if (allow_missing)
+					continue;

-		snprintf(name, sizeof(name), "%s/%s", FIT_CONFS_PATH,
-			 conf_name);
-
-		/* Add all this image's hashes */
-		hash_count = 0;
-		for (noffset = fdt_first_subnode(fit, image_noffset);
-		     noffset >= 0;
-		     noffset = fdt_next_subnode(fit, noffset)) {
-			const char *name = fit_get_name(fit, noffset, NULL);
-
-			if (strncmp(name, FIT_HASH_NODENAME,
-				    strlen(FIT_HASH_NODENAME)))
-				continue;
-			ret = fdt_get_path(fit, noffset, path, sizeof(path));
-			if (ret < 0)
-				goto err_path;
-			if (strlist_add(node_inc, path))
-				goto err_mem;
-			hash_count++;
-		}
-
-		if (!hash_count) {
-			printf("Failed to find any hash nodes in configuration '%s/%s' image '%s' - without these it is not possible to verify this image\n",
-			       conf_name, sig_name, iname);
-			return -ENOMSG;
-		}
-
-		/* Add this image's cipher node if present */
-		noffset = fdt_subnode_offset(fit, image_noffset,
-					     FIT_CIPHER_NODENAME);
-		if (noffset != -FDT_ERR_NOTFOUND) {
-			if (noffset < 0) {
-				printf("Failed to get cipher node in configuration '%s/%s' image '%s': %s\n",
-				       conf_name, sig_name, iname,
-				       fdt_strerror(noffset));
-				return -EIO;
+				return -ENOENT;
 			}
-			ret = fdt_get_path(fit, noffset, path, sizeof(path));
-			if (ret < 0)
-				goto err_path;
-			if (strlist_add(node_inc, path))
-				goto err_mem;
-		}

-		image_count++;
+			ret = fit_config_add_hash(fit, conf_name,
+						  sig_name, node_inc,
+						  iname, image_noffset);
+			if (ret < 0)
+				return ret;
+
+			image_count++;
+		}
 	}

 	if (!image_count) {
@ -813,11 +844,6 @@ err_mem:
 	printf("Out of memory processing configuration '%s/%s'\n", conf_name,
 	       sig_name);
 	return -ENOMEM;
-
-err_path:
-	printf("Failed to get path for image '%s' in configuration '%s/%s': %s\n",
-	       iname, conf_name, sig_name, fdt_strerror(ret));
-	return -ENOENT;
 }

 static int fit_config_get_data(void *fit, int conf_noffset, int noffset,
--- a/tools/mkimage.c
+++ b/tools/mkimage.c
@ -94,18 +94,18 @@ static void usage(const char *msg)
 		"          -x ==> set XIP (execute in place)\n",
 		params.cmdname);
 	fprintf(stderr,
-		"       %s [-D dtc_options] [-f fit-image.its|-f auto|-F] [-b <dtb> [-b <dtb>]] [-i <ramdisk.cpio.gz>] fit-image\n"
+		"       %s [-D dtc_options] [-f fit-image.its|-f auto|-F] [-b <dtb> [-b <dtb>]] [-E] [-B size] [-i <ramdisk.cpio.gz>] fit-image\n"
 		"           <dtb> file is used with -f auto, it may occur multiple times.\n",
 		params.cmdname);
 	fprintf(stderr,
 		"          -D => set all options for device tree compiler\n"
 		"          -f => input filename for FIT source\n"
-		"          -i => input filename for ramdisk file\n");
+		"          -i => input filename for ramdisk file\n"
+		"          -E => place data outside of the FIT structure\n"
+		"          -B => align size in hex for FIT structure and header\n");
 #ifdef CONFIG_FIT_SIGNATURE
 	fprintf(stderr,
-		"Signing / verified boot options: [-E] [-B size] [-k keydir] [-K dtb] [ -c <comment>] [-p addr] [-r] [-N engine]\n"
-		"          -E => place data outside of the FIT structure\n"
-		"          -B => align size in hex for FIT structure and header\n"
+		"Signing / verified boot options: [-k keydir] [-K dtb] [ -c <comment>] [-p addr] [-r] [-N engine]\n"
 		"          -k => set directory containing private keys\n"
 		"          -K => write public keys to this .dtb file\n"
 		"          -c => add comment in signature node\n"
@ -142,6 +142,7 @@ static int add_content(int type, const char *fname)
 	return 0;
 }

+#define OPT_STRING "a:A:b:B:c:C:d:D:e:Ef:Fk:i:K:ln:N:p:O:rR:qstT:vVx"
 static void process_args(int argc, char **argv)
 {
 	char *ptr;