Merge branch '2021-07-16-cleanup-image-support'
- A large rework of the logic around supporting various image types/formats and sharing between the host and target.
commit
f929ce5072
31 changed files with 259 additions and 236 deletions
|
@ -35,7 +35,7 @@ config FIT_EXTERNAL_OFFSET
|
|||
could be put in the hole between data payload and fit image
|
||||
header, such as CSF data on i.MX platform.
|
||||
|
||||
config FIT_ENABLE_SHA256_SUPPORT
|
||||
config FIT_SHA256
|
||||
bool "Support SHA256 checksum of FIT image contents"
|
||||
default y
|
||||
select SHA256
|
||||
|
@ -44,7 +44,7 @@ config FIT_ENABLE_SHA256_SUPPORT
|
|||
SHA256 checksum is a 256-bit (32-byte) hash value used to check that
|
||||
the image contents have not been corrupted.
|
||||
|
||||
config FIT_ENABLE_SHA384_SUPPORT
|
||||
config FIT_SHA384
|
||||
bool "Support SHA384 checksum of FIT image contents"
|
||||
default n
|
||||
select SHA384
|
||||
|
@ -54,7 +54,7 @@ config FIT_ENABLE_SHA384_SUPPORT
|
|||
the image contents have not been corrupted. Use this for the highest
|
||||
security.
|
||||
|
||||
config FIT_ENABLE_SHA512_SUPPORT
|
||||
config FIT_SHA512
|
||||
bool "Support SHA512 checksum of FIT image contents"
|
||||
default n
|
||||
select SHA512
|
||||
|
@ -103,7 +103,7 @@ config FIT_SIGNATURE_MAX_SIZE
|
|||
device memory. Assure this size does not extend past expected storage
|
||||
space.
|
||||
|
||||
config FIT_ENABLE_RSASSA_PSS_SUPPORT
|
||||
config FIT_RSASSA_PSS
|
||||
bool "Support rsassa-pss signature scheme of FIT image contents"
|
||||
depends on FIT_SIGNATURE
|
||||
default n
|
||||
|
|
|
@ -1219,19 +1219,19 @@ int calculate_hash(const void *data, int data_len, const char *algo,
|
|||
CHUNKSZ_CRC32);
|
||||
*((uint32_t *)value) = cpu_to_uimage(*((uint32_t *)value));
|
||||
*value_len = 4;
|
||||
} else if (IMAGE_ENABLE_SHA1 && strcmp(algo, "sha1") == 0) {
|
||||
} else if (CONFIG_IS_ENABLED(SHA1) && strcmp(algo, "sha1") == 0) {
|
||||
sha1_csum_wd((unsigned char *)data, data_len,
|
||||
(unsigned char *)value, CHUNKSZ_SHA1);
|
||||
*value_len = 20;
|
||||
} else if (IMAGE_ENABLE_SHA256 && strcmp(algo, "sha256") == 0) {
|
||||
} else if (CONFIG_IS_ENABLED(SHA256) && strcmp(algo, "sha256") == 0) {
|
||||
sha256_csum_wd((unsigned char *)data, data_len,
|
||||
(unsigned char *)value, CHUNKSZ_SHA256);
|
||||
*value_len = SHA256_SUM_LEN;
|
||||
} else if (IMAGE_ENABLE_SHA384 && strcmp(algo, "sha384") == 0) {
|
||||
} else if (CONFIG_IS_ENABLED(SHA384) && strcmp(algo, "sha384") == 0) {
|
||||
sha384_csum_wd((unsigned char *)data, data_len,
|
||||
(unsigned char *)value, CHUNKSZ_SHA384);
|
||||
*value_len = SHA384_SUM_LEN;
|
||||
} else if (IMAGE_ENABLE_SHA512 && strcmp(algo, "sha512") == 0) {
|
||||
} else if (CONFIG_IS_ENABLED(SHA512) && strcmp(algo, "sha512") == 0) {
|
||||
sha512_csum_wd((unsigned char *)data, data_len,
|
||||
(unsigned char *)value, CHUNKSZ_SHA512);
|
||||
*value_len = SHA512_SUM_LEN;
|
||||
|
@ -2027,7 +2027,7 @@ int fit_image_load(bootm_headers_t *images, ulong addr,
|
|||
* fit_conf_get_node() will try to find default config node
|
||||
*/
|
||||
bootstage_mark(bootstage_id + BOOTSTAGE_SUB_NO_UNIT_NAME);
|
||||
if (IMAGE_ENABLE_BEST_MATCH && !fit_uname_config) {
|
||||
if (IS_ENABLED(CONFIG_FIT_BEST_MATCH) && !fit_uname_config) {
|
||||
cfg_noffset = fit_conf_find_compat(fit, gd_fdt_blob());
|
||||
} else {
|
||||
cfg_noffset = fit_conf_get_node(fit,
|
||||
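Review bot: The hash branches in `calculate_hash()` now test `CONFIG_IS_ENABLED(SHA1)` through `CONFIG_IS_ENABLED(SHA512)`, which in an SPL build looks for the `SPL_`-prefixed symbol, while the SPL options shown on this page (`SPL_FIT_SHA1`, `SPL_FIT_SHA256`, `SPL_FIT_SHA384`, `SPL_FIT_SHA512`) `select` the unprefixed `SHA1`/`SHA256`/`SHA384`/`SHA512`. Unless matching `SPL_SHA*` symbols are defined somewhere outside this page, an SPL with `SPL_FIT_SHA256=y` would skip the sha256 branch and land in whatever the final `else` does (outside the hunk); that presumably fails closed, but it would stop every hashed FIT from loading, so it is worth confirming with an SPL build that checks a sha256 image. If the intent is to follow the FIT options, one option for the three symbols that exist in both Kconfig files here is `CONFIG_IS_ENABLED(FIT_SHA256)` and its sha384/sha512 siblings. Only part of the function is inside the hunk.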
|
|
|
@ -3,18 +3,11 @@
|
|||
* Copyright (c) 2013, Google Inc.
|
||||
*/
|
||||
|
||||
#ifdef USE_HOSTCC
|
||||
#include "mkimage.h"
|
||||
#include <fdt_support.h>
|
||||
#include <time.h>
|
||||
#include <linux/libfdt.h>
|
||||
#else
|
||||
#include <common.h>
|
||||
#include <log.h>
|
||||
#include <malloc.h>
|
||||
#include <asm/global_data.h>
|
||||
DECLARE_GLOBAL_DATA_PTR;
|
||||
#endif /* !USE_HOSTCC*/
|
||||
#include <image.h>
|
||||
#include <u-boot/ecdsa.h>
|
||||
#include <u-boot/rsa.h>
|
||||
|
@ -28,9 +21,6 @@ struct checksum_algo checksum_algos[] = {
|
|||
.checksum_len = SHA1_SUM_LEN,
|
||||
.der_len = SHA1_DER_LEN,
|
||||
.der_prefix = sha1_der_prefix,
|
||||
#if IMAGE_ENABLE_SIGN
|
||||
.calculate_sign = EVP_sha1,
|
||||
#endif
|
||||
.calculate = hash_calculate,
|
||||
},
|
||||
{
|
||||
|
@ -38,9 +28,6 @@ struct checksum_algo checksum_algos[] = {
|
|||
.checksum_len = SHA256_SUM_LEN,
|
||||
.der_len = SHA256_DER_LEN,
|
||||
.der_prefix = sha256_der_prefix,
|
||||
#if IMAGE_ENABLE_SIGN
|
||||
.calculate_sign = EVP_sha256,
|
||||
#endif
|
||||
.calculate = hash_calculate,
|
||||
},
|
||||
#ifdef CONFIG_SHA384
|
||||
|
@ -49,9 +36,6 @@ struct checksum_algo checksum_algos[] = {
|
|||
.checksum_len = SHA384_SUM_LEN,
|
||||
.der_len = SHA384_DER_LEN,
|
||||
.der_prefix = sha384_der_prefix,
|
||||
#if IMAGE_ENABLE_SIGN
|
||||
.calculate_sign = EVP_sha384,
|
||||
#endif
|
||||
.calculate = hash_calculate,
|
||||
},
|
||||
#endif
|
||||
|
@ -61,50 +45,23 @@ struct checksum_algo checksum_algos[] = {
|
|||
.checksum_len = SHA512_SUM_LEN,
|
||||
.der_len = SHA512_DER_LEN,
|
||||
.der_prefix = sha512_der_prefix,
|
||||
#if IMAGE_ENABLE_SIGN
|
||||
.calculate_sign = EVP_sha512,
|
||||
#endif
|
||||
.calculate = hash_calculate,
|
||||
},
|
||||
#endif
|
||||
|
||||
};
|
||||
|
||||
struct crypto_algo crypto_algos[] = {
|
||||
{
|
||||
.name = "rsa2048",
|
||||
.key_len = RSA2048_BYTES,
|
||||
.sign = rsa_sign,
|
||||
.add_verify_data = rsa_add_verify_data,
|
||||
.verify = rsa_verify,
|
||||
},
|
||||
{
|
||||
.name = "rsa4096",
|
||||
.key_len = RSA4096_BYTES,
|
||||
.sign = rsa_sign,
|
||||
.add_verify_data = rsa_add_verify_data,
|
||||
.verify = rsa_verify,
|
||||
},
|
||||
{
|
||||
.name = "ecdsa256",
|
||||
.key_len = ECDSA256_BYTES,
|
||||
.sign = ecdsa_sign,
|
||||
.add_verify_data = ecdsa_add_verify_data,
|
||||
.verify = ecdsa_verify,
|
||||
},
|
||||
};
|
||||
|
||||
struct padding_algo padding_algos[] = {
|
||||
{
|
||||
.name = "pkcs-1.5",
|
||||
.verify = padding_pkcs_15_verify,
|
||||
},
|
||||
#ifdef CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT
|
||||
#ifdef CONFIG_FIT_RSASSA_PSS
|
||||
{
|
||||
.name = "pss",
|
||||
.verify = padding_pss_verify,
|
||||
}
|
||||
#endif /* CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT */
|
||||
#endif /* CONFIG_FIT_RSASSA_PSS */
|
||||
};
|
||||
|
||||
struct checksum_algo *image_get_checksum_algo(const char *full_name)
|
||||
|
@ -112,16 +69,13 @@ struct checksum_algo *image_get_checksum_algo(const char *full_name)
|
|||
int i;
|
||||
const char *name;
|
||||
|
||||
#if !defined(USE_HOSTCC) && defined(CONFIG_NEEDS_MANUAL_RELOC)
|
||||
#if defined(CONFIG_NEEDS_MANUAL_RELOC)
|
||||
static bool done;
|
||||
|
||||
if (!done) {
|
||||
done = true;
|
||||
for (i = 0; i < ARRAY_SIZE(checksum_algos); i++) {
|
||||
checksum_algos[i].name += gd->reloc_off;
|
||||
#if IMAGE_ENABLE_SIGN
|
||||
checksum_algos[i].calculate_sign += gd->reloc_off;
|
||||
#endif
|
||||
checksum_algos[i].calculate += gd->reloc_off;
|
||||
}
|
||||
}
|
||||
|
@ -140,19 +94,18 @@ struct checksum_algo *image_get_checksum_algo(const char *full_name)
|
|||
|
||||
struct crypto_algo *image_get_crypto_algo(const char *full_name)
|
||||
{
|
||||
int i;
|
||||
struct crypto_algo *crypto, *end;
|
||||
const char *name;
|
||||
|
||||
#if !defined(USE_HOSTCC) && defined(CONFIG_NEEDS_MANUAL_RELOC)
|
||||
#if defined(CONFIG_NEEDS_MANUAL_RELOC)
|
||||
static bool done;
|
||||
|
||||
if (!done) {
|
||||
done = true;
|
||||
for (i = 0; i < ARRAY_SIZE(crypto_algos); i++) {
|
||||
crypto_algos[i].name += gd->reloc_off;
|
||||
crypto_algos[i].sign += gd->reloc_off;
|
||||
crypto_algos[i].add_verify_data += gd->reloc_off;
|
||||
crypto_algos[i].verify += gd->reloc_off;
|
||||
crypto = ll_entry_start(struct crypto_algo, cryptos);
|
||||
end = ll_entry_end(struct crypto_algo, cryptos);
|
||||
for (; crypto < end; crypto++) {
|
||||
crypto->name += gd->reloc_off;
|
||||
crypto->verify += gd->reloc_off;
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
@ -163,11 +116,14 @@ struct crypto_algo *image_get_crypto_algo(const char *full_name)
|
|||
return NULL;
|
||||
name += 1;
|
||||
|
||||
for (i = 0; i < ARRAY_SIZE(crypto_algos); i++) {
|
||||
if (!strcmp(crypto_algos[i].name, name))
|
||||
return &crypto_algos[i];
|
||||
crypto = ll_entry_start(struct crypto_algo, cryptos);
|
||||
end = ll_entry_end(struct crypto_algo, cryptos);
|
||||
for (; crypto < end; crypto++) {
|
||||
if (!strcmp(crypto->name, name))
|
||||
return crypto;
|
||||
}
|
||||
|
||||
/* Not found */
|
||||
return NULL;
|
||||
}
|
||||
|
||||
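Review bot: `image_get_crypto_algo()` now resolves names only through the `cryptos` linker list, so what it can return depends on which objects are linked rather than on a table in this file, and nothing near the function says so. On this page only `rsa2048` and `rsa4096` are registered for the target (in the RSA verify hunk), so a FIT naming `ecdsa256` appears to get NULL here where the old table returned an entry. I would add a comment above the function such as `/* Returns NULL if no linked-in U_BOOT_CRYPTO_ALGO() entry matches; callers must treat that as a verification failure */` and confirm that the callers, which are outside this page, do fail closed. The code between the two hunks of this function is not visible.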
|
|
|
@ -204,7 +204,7 @@ config SPL_LEGACY_IMAGE_SUPPORT
|
|||
config SPL_LEGACY_IMAGE_CRC_CHECK
|
||||
bool "Check CRC of Legacy images"
|
||||
depends on SPL_LEGACY_IMAGE_SUPPORT
|
||||
select SPL_CRC32_SUPPORT
|
||||
select SPL_CRC32
|
||||
help
|
||||
Enable this to check the CRC of Legacy images. While this increases
|
||||
reliability, it affects both code size and boot duration.
|
||||
|
@ -407,7 +407,7 @@ config SYS_MMCSD_RAW_MODE_EMMC_BOOT_PARTITION
|
|||
the eMMC EXT_CSC_PART_CONFIG selection should be overridden in SPL
|
||||
by user defined partition number.
|
||||
|
||||
config SPL_CRC32_SUPPORT
|
||||
config SPL_CRC32
|
||||
bool "Support CRC32"
|
||||
default y if SPL_LEGACY_IMAGE_SUPPORT
|
||||
help
|
||||
|
@ -417,7 +417,7 @@ config SPL_CRC32_SUPPORT
|
|||
for detected accidental image corruption. For secure applications you
|
||||
should consider SHA1 or SHA256.
|
||||
|
||||
config SPL_MD5_SUPPORT
|
||||
config SPL_MD5
|
||||
bool "Support MD5"
|
||||
depends on SPL_FIT
|
||||
help
|
||||
|
@ -429,7 +429,7 @@ config SPL_MD5_SUPPORT
|
|||
applications where images may be changed maliciously, you should
|
||||
consider SHA256 or SHA384.
|
||||
|
||||
config SPL_SHA1_SUPPORT
|
||||
config SPL_FIT_SHA1
|
||||
bool "Support SHA1"
|
||||
depends on SPL_FIT
|
||||
select SHA1
|
||||
|
@ -441,7 +441,7 @@ config SPL_SHA1_SUPPORT
|
|||
due to the expanding computing power available to brute-force
|
||||
attacks. For more security, consider SHA256 or SHA384.
|
||||
|
||||
config SPL_SHA256_SUPPORT
|
||||
config SPL_FIT_SHA256
|
||||
bool "Support SHA256"
|
||||
depends on SPL_FIT
|
||||
select SHA256
|
||||
|
@ -450,7 +450,7 @@ config SPL_SHA256_SUPPORT
|
|||
checksum is a 256-bit (32-byte) hash value used to check that the
|
||||
image contents have not been corrupted.
|
||||
|
||||
config SPL_SHA384_SUPPORT
|
||||
config SPL_FIT_SHA384
|
||||
bool "Support SHA384"
|
||||
depends on SPL_FIT
|
||||
select SHA384
|
||||
|
@ -461,7 +461,7 @@ config SPL_SHA384_SUPPORT
|
|||
image contents have not been corrupted. Use this for the highest
|
||||
security.
|
||||
|
||||
config SPL_SHA512_SUPPORT
|
||||
config SPL_FIT_SHA512
|
||||
bool "Support SHA512"
|
||||
depends on SPL_FIT
|
||||
select SHA512
|
||||
|
|
|
@ -32,7 +32,7 @@ CONFIG_BOOTCOMMAND="run flash_self"
|
|||
CONFIG_BOARD_EARLY_INIT_F=y
|
||||
# CONFIG_SPL_LEGACY_IMAGE_SUPPORT is not set
|
||||
CONFIG_SPL_SYS_MALLOC_SIMPLE=y
|
||||
CONFIG_SPL_CRC32_SUPPORT=y
|
||||
CONFIG_SPL_CRC32=y
|
||||
CONFIG_SPL_NAND_SUPPORT=y
|
||||
CONFIG_SPL_NAND_DRIVERS=y
|
||||
CONFIG_SPL_NAND_ECC=y
|
||||
|
|
|
@ -11,7 +11,7 @@ CONFIG_TARGET_BCM963158=y
|
|||
CONFIG_ENV_VARS_UBOOT_CONFIG=y
|
||||
CONFIG_FIT=y
|
||||
CONFIG_FIT_SIGNATURE=y
|
||||
CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT=y
|
||||
CONFIG_FIT_RSASSA_PSS=y
|
||||
CONFIG_FIT_VERBOSE=y
|
||||
CONFIG_LEGACY_IMAGE_FORMAT=y
|
||||
CONFIG_SUPPORT_RAW_INITRD=y
|
||||
|
|
|
@ -25,7 +25,7 @@ CONFIG_BOARD_EARLY_INIT_R=y
|
|||
CONFIG_SPL_STACK_R=y
|
||||
CONFIG_SPL_STACK_R_MALLOC_SIMPLE_LEN=0x2000
|
||||
# CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_USE_SECTOR is not set
|
||||
# CONFIG_SPL_CRC32_SUPPORT is not set
|
||||
# CONFIG_SPL_CRC32 is not set
|
||||
CONFIG_SPL_SPI_LOAD=y
|
||||
CONFIG_CMD_GPIO=y
|
||||
CONFIG_CMD_GPT=y
|
||||
|
|
|
@ -26,7 +26,7 @@ CONFIG_BOARD_EARLY_INIT_R=y
|
|||
CONFIG_SPL_STACK_R=y
|
||||
CONFIG_SPL_STACK_R_MALLOC_SIMPLE_LEN=0x2000
|
||||
# CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_USE_SECTOR is not set
|
||||
# CONFIG_SPL_CRC32_SUPPORT is not set
|
||||
# CONFIG_SPL_CRC32 is not set
|
||||
CONFIG_SPL_SPI_LOAD=y
|
||||
CONFIG_CMD_GPIO=y
|
||||
CONFIG_CMD_GPT=y
|
||||
|
|
|
@ -26,7 +26,7 @@ CONFIG_BOARD_EARLY_INIT_R=y
|
|||
CONFIG_SPL_STACK_R=y
|
||||
CONFIG_SPL_STACK_R_MALLOC_SIMPLE_LEN=0x2000
|
||||
# CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_USE_SECTOR is not set
|
||||
# CONFIG_SPL_CRC32_SUPPORT is not set
|
||||
# CONFIG_SPL_CRC32 is not set
|
||||
CONFIG_SPL_SPI_LOAD=y
|
||||
CONFIG_CMD_GPIO=y
|
||||
CONFIG_CMD_GPT=y
|
||||
|
|
|
@ -26,7 +26,7 @@ CONFIG_BOARD_EARLY_INIT_R=y
|
|||
CONFIG_SPL_STACK_R=y
|
||||
CONFIG_SPL_STACK_R_MALLOC_SIMPLE_LEN=0x2000
|
||||
# CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_USE_SECTOR is not set
|
||||
# CONFIG_SPL_CRC32_SUPPORT is not set
|
||||
# CONFIG_SPL_CRC32 is not set
|
||||
CONFIG_SPL_SPI_LOAD=y
|
||||
CONFIG_CMD_GPIO=y
|
||||
CONFIG_CMD_GPT=y
|
||||
|
|
|
@ -29,7 +29,7 @@ CONFIG_SPL_BOOTROM_SUPPORT=y
|
|||
# CONFIG_SPL_RAW_IMAGE_SUPPORT is not set
|
||||
CONFIG_SPL_STACK_R=y
|
||||
# CONFIG_TPL_BANNER_PRINT is not set
|
||||
CONFIG_SPL_CRC32_SUPPORT=y
|
||||
CONFIG_SPL_CRC32=y
|
||||
CONFIG_SPL_ATF=y
|
||||
# CONFIG_TPL_FRAMEWORK is not set
|
||||
# CONFIG_CMD_BOOTD is not set
|
||||
|
|
|
@ -30,7 +30,7 @@ CONFIG_SPL_BOOTROM_SUPPORT=y
|
|||
# CONFIG_SPL_RAW_IMAGE_SUPPORT is not set
|
||||
CONFIG_SPL_STACK_R=y
|
||||
# CONFIG_TPL_BANNER_PRINT is not set
|
||||
CONFIG_SPL_CRC32_SUPPORT=y
|
||||
CONFIG_SPL_CRC32=y
|
||||
CONFIG_SPL_ATF=y
|
||||
# CONFIG_TPL_FRAMEWORK is not set
|
||||
# CONFIG_CMD_BOOTD is not set
|
||||
|
|
|
@ -24,7 +24,7 @@ CONFIG_SPL_BOARD_INIT=y
|
|||
CONFIG_SPL_SYS_MALLOC_SIMPLE=y
|
||||
CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_USE_SECTOR=y
|
||||
CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_SECTOR=0x100
|
||||
# CONFIG_SPL_CRC32_SUPPORT is not set
|
||||
# CONFIG_SPL_CRC32 is not set
|
||||
# CONFIG_BOOTM_NETBSD is not set
|
||||
# CONFIG_BOOTM_PLAN9 is not set
|
||||
# CONFIG_BOOTM_RTEMS is not set
|
||||
|
|
|
@ -27,7 +27,7 @@ CONFIG_SPL_BOARD_INIT=y
|
|||
CONFIG_SPL_SYS_MALLOC_SIMPLE=y
|
||||
CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_USE_SECTOR=y
|
||||
CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_SECTOR=0x100
|
||||
# CONFIG_SPL_CRC32_SUPPORT is not set
|
||||
# CONFIG_SPL_CRC32 is not set
|
||||
# CONFIG_BOOTM_NETBSD is not set
|
||||
# CONFIG_BOOTM_PLAN9 is not set
|
||||
# CONFIG_BOOTM_RTEMS is not set
|
||||
|
|
|
@ -13,7 +13,7 @@ CONFIG_DEBUG_UART_CLOCK=26000000
|
|||
# CONFIG_PSCI_RESET is not set
|
||||
CONFIG_DEBUG_UART=y
|
||||
CONFIG_FIT=y
|
||||
# CONFIG_FIT_ENABLE_SHA256_SUPPORT is not set
|
||||
# CONFIG_FIT_SHA256 is not set
|
||||
# CONFIG_ARCH_FIXUP_FDT_MEMORY is not set
|
||||
CONFIG_DEFAULT_FDT_FILE="mt8516-pumpkin"
|
||||
# CONFIG_DISPLAY_BOARDINFO is not set
|
||||
|
|
|
@ -33,7 +33,7 @@ CONFIG_SPL_BOOTROM_SUPPORT=y
|
|||
# CONFIG_SPL_RAW_IMAGE_SUPPORT is not set
|
||||
CONFIG_SPL_STACK_R=y
|
||||
# CONFIG_TPL_BANNER_PRINT is not set
|
||||
CONFIG_SPL_CRC32_SUPPORT=y
|
||||
CONFIG_SPL_CRC32=y
|
||||
CONFIG_SPL_I2C_SUPPORT=y
|
||||
CONFIG_SPL_POWER_SUPPORT=y
|
||||
CONFIG_SPL_ATF=y
|
||||
|
|
|
@ -30,7 +30,7 @@ CONFIG_SPL_BOOTROM_SUPPORT=y
|
|||
# CONFIG_SPL_RAW_IMAGE_SUPPORT is not set
|
||||
CONFIG_SPL_STACK_R=y
|
||||
# CONFIG_TPL_BANNER_PRINT is not set
|
||||
CONFIG_SPL_CRC32_SUPPORT=y
|
||||
CONFIG_SPL_CRC32=y
|
||||
CONFIG_SPL_ATF=y
|
||||
# CONFIG_TPL_FRAMEWORK is not set
|
||||
# CONFIG_CMD_BOOTD is not set
|
||||
|
|
|
@ -30,7 +30,7 @@ CONFIG_SPL_BOOTROM_SUPPORT=y
|
|||
# CONFIG_SPL_RAW_IMAGE_SUPPORT is not set
|
||||
CONFIG_SPL_STACK_R=y
|
||||
# CONFIG_TPL_BANNER_PRINT is not set
|
||||
CONFIG_SPL_CRC32_SUPPORT=y
|
||||
CONFIG_SPL_CRC32=y
|
||||
CONFIG_SPL_ATF=y
|
||||
# CONFIG_TPL_FRAMEWORK is not set
|
||||
# CONFIG_CMD_BOOTD is not set
|
||||
|
|
|
@ -10,7 +10,7 @@ CONFIG_DEBUG_UART=y
|
|||
CONFIG_DISTRO_DEFAULTS=y
|
||||
CONFIG_FIT=y
|
||||
CONFIG_FIT_SIGNATURE=y
|
||||
CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT=y
|
||||
CONFIG_FIT_RSASSA_PSS=y
|
||||
CONFIG_FIT_CIPHER=y
|
||||
CONFIG_FIT_VERBOSE=y
|
||||
CONFIG_BOOTSTAGE=y
|
||||
|
|
|
@ -23,7 +23,7 @@ CONFIG_USE_BOOTARGS=y
|
|||
CONFIG_BOOTARGS="earlycon"
|
||||
CONFIG_USE_BOOTCOMMAND=y
|
||||
CONFIG_BOOTCOMMAND="run fatscript; run mmcfitload; run linux_qspi_enable; run mmcfitboot"
|
||||
CONFIG_SPL_CRC32_SUPPORT=y
|
||||
CONFIG_SPL_CRC32=y
|
||||
CONFIG_SPL_CACHE=y
|
||||
CONFIG_SPL_SPI_LOAD=y
|
||||
CONFIG_SPL_ATF=y
|
||||
|
|
|
@ -24,7 +24,7 @@ CONFIG_USE_BOOTARGS=y
|
|||
CONFIG_BOOTARGS="earlycon"
|
||||
CONFIG_USE_BOOTCOMMAND=y
|
||||
CONFIG_BOOTCOMMAND="run fatscript; run mmcfitload; run mmcfitboot"
|
||||
CONFIG_SPL_CRC32_SUPPORT=y
|
||||
CONFIG_SPL_CRC32=y
|
||||
CONFIG_SPL_CACHE=y
|
||||
CONFIG_SPL_SPI_LOAD=y
|
||||
CONFIG_SPL_ATF=y
|
||||
|
|
|
@ -23,7 +23,7 @@ CONFIG_USE_BOOTARGS=y
|
|||
CONFIG_BOOTARGS="earlycon"
|
||||
CONFIG_USE_BOOTCOMMAND=y
|
||||
CONFIG_BOOTCOMMAND="run fatscript; run mmcfitload; run linux_qspi_enable; run mmcfitboot"
|
||||
CONFIG_SPL_CRC32_SUPPORT=y
|
||||
CONFIG_SPL_CRC32=y
|
||||
CONFIG_SPL_SPI_LOAD=y
|
||||
CONFIG_SPL_ATF=y
|
||||
CONFIG_SPL_ATF_NO_PLATFORM_PARAM=y
|
||||
|
|
|
@ -36,7 +36,7 @@ CONFIG_BOOTCOMMAND="nand read 0x22000000 0x200000 0x300000; bootm"
|
|||
CONFIG_BOARD_EARLY_INIT_F=y
|
||||
# CONFIG_SPL_LEGACY_IMAGE_SUPPORT is not set
|
||||
CONFIG_SPL_SYS_MALLOC_SIMPLE=y
|
||||
CONFIG_SPL_CRC32_SUPPORT=y
|
||||
CONFIG_SPL_CRC32=y
|
||||
CONFIG_SPL_NAND_SUPPORT=y
|
||||
CONFIG_SPL_NAND_DRIVERS=y
|
||||
CONFIG_SPL_NAND_ECC=y
|
||||
|
|
|
@ -30,10 +30,10 @@ struct fdt_region;
|
|||
#define IMAGE_ENABLE_FIT 1
|
||||
#define IMAGE_ENABLE_OF_LIBFDT 1
|
||||
#define CONFIG_FIT_VERBOSE 1 /* enable fit_format_{error,warning}() */
|
||||
#define CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT 1
|
||||
#define CONFIG_FIT_ENABLE_SHA256_SUPPORT
|
||||
#define CONFIG_FIT_ENABLE_SHA384_SUPPORT
|
||||
#define CONFIG_FIT_ENABLE_SHA512_SUPPORT
|
||||
#define CONFIG_FIT_RSASSA_PSS 1
|
||||
#define CONFIG_FIT_SHA256
|
||||
#define CONFIG_FIT_SHA384
|
||||
#define CONFIG_FIT_SHA512
|
||||
#define CONFIG_SHA1
|
||||
#define CONFIG_SHA256
|
||||
#define CONFIG_SHA384
|
||||
|
@ -47,6 +47,7 @@ struct fdt_region;
|
|||
#include <lmb.h>
|
||||
#include <asm/u-boot.h>
|
||||
#include <command.h>
|
||||
#include <linker_lists.h>
|
||||
|
||||
/* Take notice of the 'ignore' property for hashes */
|
||||
#define IMAGE_ENABLE_IGNORE 1
|
||||
|
@ -62,19 +63,15 @@ struct fdt_region;
|
|||
#include <linux/libfdt.h>
|
||||
#include <fdt_support.h>
|
||||
# ifdef CONFIG_SPL_BUILD
|
||||
# ifdef CONFIG_SPL_CRC32_SUPPORT
|
||||
# ifdef CONFIG_SPL_CRC32
|
||||
# define IMAGE_ENABLE_CRC32 1
|
||||
# endif
|
||||
# ifdef CONFIG_SPL_MD5_SUPPORT
|
||||
# ifdef CONFIG_SPL_MD5
|
||||
# define IMAGE_ENABLE_MD5 1
|
||||
# endif
|
||||
# ifdef CONFIG_SPL_SHA1_SUPPORT
|
||||
# define IMAGE_ENABLE_SHA1 1
|
||||
# endif
|
||||
# else
|
||||
# define IMAGE_ENABLE_CRC32 1
|
||||
# define IMAGE_ENABLE_MD5 1
|
||||
# define IMAGE_ENABLE_SHA1 1
|
||||
# endif
|
||||
|
||||
#ifndef IMAGE_ENABLE_CRC32
|
||||
|
@ -85,31 +82,6 @@ struct fdt_region;
|
|||
#define IMAGE_ENABLE_MD5 0
|
||||
#endif
|
||||
|
||||
#ifndef IMAGE_ENABLE_SHA1
|
||||
#define IMAGE_ENABLE_SHA1 0
|
||||
#endif
|
||||
|
||||
#if defined(CONFIG_FIT_ENABLE_SHA256_SUPPORT) || \
|
||||
defined(CONFIG_SPL_SHA256_SUPPORT)
|
||||
#define IMAGE_ENABLE_SHA256 1
|
||||
#else
|
||||
#define IMAGE_ENABLE_SHA256 0
|
||||
#endif
|
||||
|
||||
#if defined(CONFIG_FIT_ENABLE_SHA384_SUPPORT) || \
|
||||
defined(CONFIG_SPL_SHA384_SUPPORT)
|
||||
#define IMAGE_ENABLE_SHA384 1
|
||||
#else
|
||||
#define IMAGE_ENABLE_SHA384 0
|
||||
#endif
|
||||
|
||||
#if defined(CONFIG_FIT_ENABLE_SHA512_SUPPORT) || \
|
||||
defined(CONFIG_SPL_SHA512_SUPPORT)
|
||||
#define IMAGE_ENABLE_SHA512 1
|
||||
#else
|
||||
#define IMAGE_ENABLE_SHA512 0
|
||||
#endif
|
||||
|
||||
#endif /* IMAGE_ENABLE_FIT */
|
||||
|
||||
#ifdef CONFIG_SYS_BOOT_GET_CMDLINE
|
||||
|
@ -1224,20 +1196,14 @@ int calculate_hash(const void *data, int data_len, const char *algo,
|
|||
#if defined(USE_HOSTCC)
|
||||
# if defined(CONFIG_FIT_SIGNATURE)
|
||||
# define IMAGE_ENABLE_SIGN 1
|
||||
# define IMAGE_ENABLE_VERIFY 1
|
||||
# define IMAGE_ENABLE_VERIFY_ECDSA 1
|
||||
# define FIT_IMAGE_ENABLE_VERIFY 1
|
||||
# include <openssl/evp.h>
|
||||
# else
|
||||
# define IMAGE_ENABLE_SIGN 0
|
||||
# define IMAGE_ENABLE_VERIFY 0
|
||||
# define IMAGE_ENABLE_VERIFY_ECDSA 0
|
||||
# define FIT_IMAGE_ENABLE_VERIFY 0
|
||||
# endif
|
||||
#else
|
||||
# define IMAGE_ENABLE_SIGN 0
|
||||
# define IMAGE_ENABLE_VERIFY CONFIG_IS_ENABLED(RSA_VERIFY)
|
||||
# define IMAGE_ENABLE_VERIFY_ECDSA 0
|
||||
# define FIT_IMAGE_ENABLE_VERIFY CONFIG_IS_ENABLED(FIT_SIGNATURE)
|
||||
#endif
|
||||
|
||||
|
@ -1250,11 +1216,6 @@ void image_set_host_blob(void *host_blob);
|
|||
# define gd_fdt_blob() (gd->fdt_blob)
|
||||
#endif
|
||||
|
||||
#ifdef CONFIG_FIT_BEST_MATCH
|
||||
#define IMAGE_ENABLE_BEST_MATCH 1
|
||||
#else
|
||||
#define IMAGE_ENABLE_BEST_MATCH 0
|
||||
#endif
|
||||
#endif /* IMAGE_ENABLE_FIT */
|
||||
|
||||
/*
|
||||
|
@ -1293,7 +1254,7 @@ struct image_region {
|
|||
int size;
|
||||
};
|
||||
|
||||
#if IMAGE_ENABLE_VERIFY
|
||||
#if FIT_IMAGE_ENABLE_VERIFY
|
||||
# include <u-boot/hash-checksum.h>
|
||||
#endif
|
||||
struct checksum_algo {
|
||||
|
@ -1362,6 +1323,10 @@ struct crypto_algo {
|
|||
uint8_t *sig, uint sig_len);
|
||||
};
|
||||
|
||||
/* Declare a new U-Boot crypto algorithm handler */
|
||||
#define U_BOOT_CRYPTO_ALGO(__name) \
|
||||
ll_entry_declare(struct crypto_algo, __name, cryptos)
|
||||
|
||||
struct padding_algo {
|
||||
const char *name;
|
||||
int (*verify)(struct image_sign_info *info,
|
||||
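Review bot: The renamed host-side defines `CONFIG_FIT_SHA256`, `CONFIG_FIT_SHA384` and `CONFIG_FIT_SHA512` are still empty, while `CONFIG_FIT_RSASSA_PSS` directly above them is defined as `1`. An empty define satisfies `#ifdef` but not the usual `IS_ENABLED()`/`CONFIG_IS_ENABLED()` placeholder test, which only matches a value of 1, and this same commit moves shared code such as `calculate_hash()` to `CONFIG_IS_ENABLED(SHA256)`. Defining them with a value, e.g. `#define CONFIG_FIT_SHA256 1`, keeps both styles working; the neighbouring `CONFIG_SHA1`/`CONFIG_SHA256`/`CONFIG_SHA384` context lines have the same shape. How the host build resolves `CONFIG_IS_ENABLED` is not visible here, so please check that mkimage can still hash with sha256 after this change.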
|
|
|
@ -15,7 +15,6 @@
|
|||
* @see "struct crypto_algo"
|
||||
* @{
|
||||
*/
|
||||
#if IMAGE_ENABLE_SIGN
|
||||
/**
|
||||
* sign() - calculate and return signature for given input data
|
||||
*
|
||||
|
@ -49,22 +48,7 @@ int ecdsa_sign(struct image_sign_info *info, const struct image_region region[],
|
|||
* other -ve value on error
|
||||
*/
|
||||
int ecdsa_add_verify_data(struct image_sign_info *info, void *keydest);
|
||||
#else
|
||||
static inline
|
||||
int ecdsa_sign(struct image_sign_info *info, const struct image_region region[],
|
||||
int region_count, uint8_t **sigp, uint *sig_len)
|
||||
{
|
||||
return -ENXIO;
|
||||
}
|
||||
|
||||
static inline
|
||||
int ecdsa_add_verify_data(struct image_sign_info *info, void *keydest)
|
||||
{
|
||||
return -ENXIO;
|
||||
}
|
||||
#endif
|
||||
|
||||
#if IMAGE_ENABLE_VERIFY_ECDSA
|
||||
/**
|
||||
* verify() - Verify a signature against some data
|
||||
*
|
||||
|
@ -78,15 +62,6 @@ int ecdsa_add_verify_data(struct image_sign_info *info, void *keydest)
|
|||
int ecdsa_verify(struct image_sign_info *info,
|
||||
const struct image_region region[], int region_count,
|
||||
uint8_t *sig, uint sig_len);
|
||||
#else
|
||||
static inline
|
||||
int ecdsa_verify(struct image_sign_info *info,
|
||||
const struct image_region region[], int region_count,
|
||||
uint8_t *sig, uint sig_len)
|
||||
{
|
||||
return -ENXIO;
|
||||
}
|
||||
#endif
|
||||
/** @} */
|
||||
|
||||
#define ECDSA256_BYTES (256 / 8)
|
||||
|
|
|
@ -31,7 +31,6 @@ struct rsa_public_key {
|
|||
|
||||
struct image_sign_info;
|
||||
|
||||
#if IMAGE_ENABLE_SIGN
|
||||
/**
|
||||
* sign() - calculate and return signature for given input data
|
||||
*
|
||||
|
@ -66,22 +65,7 @@ int rsa_sign(struct image_sign_info *info,
|
|||
other -ve value on error
|
||||
*/
|
||||
int rsa_add_verify_data(struct image_sign_info *info, void *keydest);
|
||||
#else
|
||||
static inline int rsa_sign(struct image_sign_info *info,
|
||||
const struct image_region region[], int region_count,
|
||||
uint8_t **sigp, uint *sig_len)
|
||||
{
|
||||
return -ENXIO;
|
||||
}
|
||||
|
||||
static inline int rsa_add_verify_data(struct image_sign_info *info,
|
||||
void *keydest)
|
||||
{
|
||||
return -ENXIO;
|
||||
}
|
||||
#endif
|
||||
|
||||
#if IMAGE_ENABLE_VERIFY
|
||||
/**
|
||||
* rsa_verify_hash() - Verify a signature against a hash
|
||||
*
|
||||
|
@ -119,42 +103,11 @@ int padding_pkcs_15_verify(struct image_sign_info *info,
|
|||
uint8_t *msg, int msg_len,
|
||||
const uint8_t *hash, int hash_len);
|
||||
|
||||
#ifdef CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT
|
||||
#ifdef CONFIG_FIT_RSASSA_PSS
|
||||
int padding_pss_verify(struct image_sign_info *info,
|
||||
uint8_t *msg, int msg_len,
|
||||
const uint8_t *hash, int hash_len);
|
||||
#endif /* CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT */
|
||||
#else
|
||||
static inline int rsa_verify_hash(struct image_sign_info *info,
|
||||
const uint8_t *hash,
|
||||
uint8_t *sig, uint sig_len)
|
||||
{
|
||||
return -ENXIO;
|
||||
}
|
||||
|
||||
static inline int rsa_verify(struct image_sign_info *info,
|
||||
const struct image_region region[], int region_count,
|
||||
uint8_t *sig, uint sig_len)
|
||||
{
|
||||
return -ENXIO;
|
||||
}
|
||||
|
||||
static inline int padding_pkcs_15_verify(struct image_sign_info *info,
|
||||
uint8_t *msg, int msg_len,
|
||||
const uint8_t *hash, int hash_len)
|
||||
{
|
||||
return -ENXIO;
|
||||
}
|
||||
|
||||
#ifdef CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT
|
||||
static inline int padding_pss_verify(struct image_sign_info *info,
|
||||
uint8_t *msg, int msg_len,
|
||||
const uint8_t *hash, int hash_len)
|
||||
{
|
||||
return -ENXIO;
|
||||
}
|
||||
#endif /* CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT */
|
||||
#endif
|
||||
#endif /* CONFIG_FIT_RSASSA_PSS */
|
||||
|
||||
#define RSA_DEFAULT_PADDING_NAME "pkcs-1.5"
|
||||
|
||||
|
|
|
@ -442,7 +442,7 @@ static int rsa_sign_with_key(EVP_PKEY *pkey, struct padding_algo *padding_algo,
|
|||
goto err_sign;
|
||||
}
|
||||
|
||||
#ifdef CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT
|
||||
#ifdef CONFIG_FIT_RSASSA_PSS
|
||||
if (padding_algo && !strcmp(padding_algo->name, "pss")) {
|
||||
if (EVP_PKEY_CTX_set_rsa_padding(ckey,
|
||||
RSA_PKCS1_PSS_PADDING) <= 0) {
|
||||
|
@ -450,7 +450,7 @@ static int rsa_sign_with_key(EVP_PKEY *pkey, struct padding_algo *padding_algo,
|
|||
goto err_sign;
|
||||
}
|
||||
}
|
||||
#endif /* CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT */
|
||||
#endif /* CONFIG_FIT_RSASSA_PSS */
|
||||
|
||||
for (i = 0; i < region_count; i++) {
|
||||
if (!EVP_DigestSignUpdate(context, region[i].data,
|
||||
|
|
|
@ -95,7 +95,7 @@ int padding_pkcs_15_verify(struct image_sign_info *info,
|
|||
return 0;
|
||||
}
|
||||
|
||||
#ifdef CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT
|
||||
#ifdef CONFIG_FIT_RSASSA_PSS
|
||||
static void u32_i2osp(uint32_t val, uint8_t *buf)
|
||||
{
|
||||
buf[0] = (uint8_t)((val >> 24) & 0xff);
|
||||
|
@ -571,3 +571,19 @@ int rsa_verify(struct image_sign_info *info,
|
|||
|
||||
return rsa_verify_hash(info, hash, sig, sig_len);
|
||||
}
|
||||
|
||||
#ifndef USE_HOSTCC
|
||||
|
||||
U_BOOT_CRYPTO_ALGO(rsa2048) = {
|
||||
.name = "rsa2048",
|
||||
.key_len = RSA2048_BYTES,
|
||||
.verify = rsa_verify,
|
||||
};
|
||||
|
||||
U_BOOT_CRYPTO_ALGO(rsa4096) = {
|
||||
.name = "rsa4096",
|
||||
.key_len = RSA4096_BYTES,
|
||||
.verify = rsa_verify,
|
||||
};
|
||||
|
||||
#endif
|
||||
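Review bot: The new `U_BOOT_CRYPTO_ALGO(rsa2048)` and `U_BOOT_CRYPTO_ALGO(rsa4096)` entries have no comment explaining why they sit under `#ifndef USE_HOSTCC` or why only `.name`, `.key_len` and `.verify` are filled in. If `struct crypto_algo` still carries `sign` and `add_verify_data` (its full definition is outside the hunks), those members are NULL on the target, and any target-side caller that used them would go through a null function pointer. I'd add `/* Target builds register verifiers only; signing lives in the host tools */` above the first entry and close the guard with `#endif /* !USE_HOSTCC */`.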
|
|
|
@ -9,4 +9,15 @@ config MKIMAGE_DTC_PATH
|
|||
some cases the system dtc may not support all required features
|
||||
and the path to a different version should be given here.
|
||||
|
||||
config TOOLS_LIBCRYPTO
|
||||
bool "Use OpenSSL's libcrypto library for host tools"
|
||||
default y
|
||||
help
|
||||
Cryptographic signature, verification, and encryption of images is
|
||||
provided by host tools using OpenSSL's libcrypto. Select 'n' here if
|
||||
you wish to build host tools without OpenSSL. mkimage will not have
|
||||
the ability to sign images.
|
||||
This selection does not affect target features, such as runtime FIT
|
||||
signature verification.
|
||||
|
||||
endmenu
|
||||
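Review bot: The help text for `TOOLS_LIBCRYPTO` names only signing as what is lost with 'n', but the tools/Makefile change on this page also gates `fit_info`, `fit_check_sign` and the cipher objects on the same symbol. Someone packaging the tools without OpenSSL would therefore also lose host-side signature checking and FIT encryption, which is worth stating because it changes what a release pipeline can verify before flashing. Suggested wording for the second sentence: `mkimage will not be able to sign or encrypt images, and fit_info and fit_check_sign will not be built.`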
|
|
|
@ -3,6 +3,25 @@
|
|||
# (C) Copyright 2000-2006
|
||||
# Wolfgang Denk, DENX Software Engineering, wd@denx.de.
|
||||
|
||||
# A note on target vs host configuration:
|
||||
#
|
||||
# Host tools can be used across multiple targets, or different configurations
|
||||
# of the same target. Thus, host tools must be able to handle any combination
|
||||
# of target configurations. To prevent having different variations of the same
|
||||
# tool, the tool build options may not depend on target configuration.
|
||||
#
|
||||
# Some linux distributions package these utilities as u-boot-tools, and it
|
||||
# would be unmaintainable to have a different tool variation for each
|
||||
# arch or configuration.
|
||||
#
|
||||
# A couple of simple rules:
|
||||
#
|
||||
# 1) Do not use target CONFIG_* options to enable or disable features in host
|
||||
# tools. Only use the configs from tools/Kconfig
|
||||
# 2) It's okay to use target configs to disable building specific tools.
|
||||
# That's as long as the features of those tools aren't modified.
|
||||
#
|
||||
|
||||
# Enable all the config-independent tools
|
||||
ifneq ($(HOST_TOOLS_ALL),)
|
||||
CONFIG_ARCH_KIRKWOOD = y
|
||||
|
@ -53,30 +72,30 @@ hostprogs-y += mkenvimage
|
|||
mkenvimage-objs := mkenvimage.o os_support.o lib/crc32.o
|
||||
|
||||
hostprogs-y += dumpimage mkimage
|
||||
hostprogs-$(CONFIG_FIT_SIGNATURE) += fit_info fit_check_sign
|
||||
hostprogs-$(CONFIG_TOOLS_LIBCRYPTO) += fit_info fit_check_sign
|
||||
|
||||
hostprogs-$(CONFIG_CMD_BOOTEFI_SELFTEST) += file2include
|
||||
|
||||
FIT_OBJS-$(CONFIG_FIT) := fit_common.o fit_image.o image-host.o common/image-fit.o
|
||||
FIT_SIG_OBJS-$(CONFIG_FIT_SIGNATURE) := common/image-sig.o common/image-fit-sig.o
|
||||
FIT_CIPHER_OBJS-$(CONFIG_FIT_CIPHER) := common/image-cipher.o
|
||||
FIT_OBJS-y := fit_common.o fit_image.o image-host.o common/image-fit.o
|
||||
FIT_SIG_OBJS-$(CONFIG_TOOLS_LIBCRYPTO) := image-sig-host.o common/image-fit-sig.o
|
||||
FIT_CIPHER_OBJS-$(CONFIG_TOOLS_LIBCRYPTO) := common/image-cipher.o
|
||||
|
||||
# The following files are synced with upstream DTC.
|
||||
# Use synced versions from scripts/dtc/libfdt/.
|
||||
LIBFDT_OBJS := $(addprefix libfdt/, fdt.o fdt_ro.o fdt_wip.o fdt_sw.o fdt_rw.o \
|
||||
fdt_strerror.o fdt_empty_tree.o fdt_addresses.o fdt_overlay.o)
|
||||
|
||||
RSA_OBJS-$(CONFIG_FIT_SIGNATURE) := $(addprefix lib/rsa/, \
|
||||
RSA_OBJS-$(CONFIG_TOOLS_LIBCRYPTO) := $(addprefix lib/rsa/, \
|
||||
rsa-sign.o rsa-verify.o \
|
||||
rsa-mod-exp.o)
|
||||
|
||||
ECDSA_OBJS-$(CONFIG_FIT_SIGNATURE) := $(addprefix lib/ecdsa/, ecdsa-libcrypto.o)
|
||||
ECDSA_OBJS-$(CONFIG_TOOLS_LIBCRYPTO) := $(addprefix lib/ecdsa/, ecdsa-libcrypto.o)
|
||||
|
||||
AES_OBJS-$(CONFIG_FIT_CIPHER) := $(addprefix lib/aes/, \
|
||||
AES_OBJS-$(CONFIG_TOOLS_LIBCRYPTO) := $(addprefix lib/aes/, \
|
||||
aes-encrypt.o aes-decrypt.o)
|
||||
|
||||
# Cryptographic helpers that depend on openssl/libcrypto
|
||||
LIBCRYPTO_OBJS-$(CONFIG_FIT_SIGNATURE) := $(addprefix lib/, \
|
||||
LIBCRYPTO_OBJS-$(CONFIG_TOOLS_LIBCRYPTO) := $(addprefix lib/, \
|
||||
fdt-libcrypto.o)
|
||||
|
||||
ROCKCHIP_OBS = lib/rc4.o rkcommon.o rkimage.o rksd.o rkspi.o
|
||||
|
@ -136,22 +155,17 @@ fit_info-objs := $(dumpimage-mkimage-objs) fit_info.o
|
|||
fit_check_sign-objs := $(dumpimage-mkimage-objs) fit_check_sign.o
|
||||
file2include-objs := file2include.o
|
||||
|
||||
ifneq ($(CONFIG_MX23)$(CONFIG_MX28)$(CONFIG_FIT_SIGNATURE),)
|
||||
ifneq ($(CONFIG_MX23)$(CONFIG_MX28)$(CONFIG_TOOLS_LIBCRYPTO),)
|
||||
# Add CONFIG_MXS into host CFLAGS, so we can check whether or not register
|
||||
# the mxsimage support within tools/mxsimage.c .
|
||||
HOSTCFLAGS_mxsimage.o += -DCONFIG_MXS
|
||||
endif
|
||||
|
||||
ifdef CONFIG_FIT_SIGNATURE
|
||||
ifdef CONFIG_TOOLS_LIBCRYPTO
|
||||
# This affects include/image.h, but including the board config file
|
||||
# is tricky, so manually define this options here.
|
||||
HOST_EXTRACFLAGS += -DCONFIG_FIT_SIGNATURE
|
||||
HOST_EXTRACFLAGS += -DCONFIG_FIT_SIGNATURE_MAX_SIZE=$(CONFIG_FIT_SIGNATURE_MAX_SIZE)
|
||||
endif
|
||||
|
||||
ifdef CONFIG_FIT_CIPHER
|
||||
# This affects include/image.h, but including the board config file
|
||||
# is tricky, so manually define this options here.
|
||||
HOST_EXTRACFLAGS += -DCONFIG_FIT_SIGNATURE_MAX_SIZE=0xffffffff
|
||||
HOST_EXTRACFLAGS += -DCONFIG_FIT_CIPHER
|
||||
endif
|
||||
|
||||
|
@ -164,7 +178,7 @@ HOSTCFLAGS_kwbimage.o += -DCONFIG_KWB_SECURE
|
|||
endif
|
||||
|
||||
# MXSImage needs LibSSL
|
||||
ifneq ($(CONFIG_MX23)$(CONFIG_MX28)$(CONFIG_ARMADA_38X)$(CONFIG_FIT_SIGNATURE)$(CONFIG_FIT_CIPHER),)
|
||||
ifneq ($(CONFIG_MX23)$(CONFIG_MX28)$(CONFIG_ARMADA_38X)$(CONFIG_TOOLS_LIBCRYPTO),)
|
||||
HOSTCFLAGS_kwbimage.o += \
|
||||
$(shell pkg-config --cflags libssl libcrypto 2> /dev/null || echo "")
|
||||
HOSTLDLIBS_mkimage += \
|
||||
|
|
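--- a/tools/image-sig-host.c
+++ b/tools/image-sig-host.c
@@ -0,0 +1,133 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+* Copyright (c) 2013, Google Inc.
+*/
+
+#include "mkimage.h"
+#include <fdt_support.h>
+#include <time.h>
+#include <linux/libfdt.h>
+#include <image.h>
+#include <u-boot/ecdsa.h>
+#include <u-boot/rsa.h>
+#include <u-boot/hash-checksum.h>
+
+struct checksum_algo checksum_algos[] = {
+{
+.name = "sha1",
+.checksum_len = SHA1_SUM_LEN,
+.der_len = SHA1_DER_LEN,
+.der_prefix = sha1_der_prefix,
+.calculate_sign = EVP_sha1,
+.calculate = hash_calculate,
+},
+{
+.name = "sha256",
+.checksum_len = SHA256_SUM_LEN,
+.der_len = SHA256_DER_LEN,
+.der_prefix = sha256_der_prefix,
+.calculate_sign = EVP_sha256,
+.calculate = hash_calculate,
+},
+{
+.name = "sha384",
+.checksum_len = SHA384_SUM_LEN,
+.der_len = SHA384_DER_LEN,
+.der_prefix = sha384_der_prefix,
+.calculate_sign = EVP_sha384,
+.calculate = hash_calculate,
+},
+{
+.name = "sha512",
+.checksum_len = SHA512_SUM_LEN,
+.der_len = SHA512_DER_LEN,
+.der_prefix = sha512_der_prefix,
+.calculate_sign = EVP_sha512,
+.calculate = hash_calculate,
+},
+};
+
+struct crypto_algo crypto_algos[] = {
+{
+.name = "rsa2048",
+.key_len = RSA2048_BYTES,
+.sign = rsa_sign,
+.add_verify_data = rsa_add_verify_data,
+.verify = rsa_verify,
+},
+{
+.name = "rsa4096",
+.key_len = RSA4096_BYTES,
+.sign = rsa_sign,
+.add_verify_data = rsa_add_verify_data,
+.verify = rsa_verify,
+},
+{
+.name = "ecdsa256",
+.key_len = ECDSA256_BYTES,
+.sign = ecdsa_sign,
+.add_verify_data = ecdsa_add_verify_data,
+.verify = ecdsa_verify,
+},
+};
+
+struct padding_algo padding_algos[] = {
+{
+.name = "pkcs-1.5",
+.verify = padding_pkcs_15_verify,
+},
+{
+.name = "pss",
+.verify = padding_pss_verify,
+}
+};
+
+struct checksum_algo *image_get_checksum_algo(const char *full_name)
+{
+int i;
+const char *name;
+
+for (i = 0; i < ARRAY_SIZE(checksum_algos); i++) {
+name = checksum_algos[i].name;
+/* Make sure names match and next char is a comma */
+if (!strncmp(name, full_name, strlen(name)) &&
+full_name[strlen(name)] == ',')
+return &checksum_algos[i];
+}
+
+return NULL;
+}
+
+struct crypto_algo *image_get_crypto_algo(const char *full_name)
+{
+int i;
+const char *name;
+
+/* Move name to after the comma */
+name = strchr(full_name, ',');
+if (!name)
+return NULL;
+name += 1;
+
+for (i = 0; i < ARRAY_SIZE(crypto_algos); i++) {
+if (!strcmp(crypto_algos[i].name, name))
+return &crypto_algos[i];
+}
+
+return NULL;
+}
+
+struct padding_algo *image_get_padding_algo(const char *name)
+{
+int i;
+
+if (!name)
+return NULL;
+
+for (i = 0; i < ARRAY_SIZE(padding_algos); i++) {
+if (!strcmp(padding_algos[i].name, name))
+return &padding_algos[i];
+}
+
+return NULL;
+}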
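Review bot: `image_get_checksum_algo()` and `image_get_crypto_algo()` hand `full_name` straight to `strncmp()` and `strchr()`, while `image_get_padding_algo()` in the same new file returns NULL for a NULL `name`, so the three lookups disagree on how a missing name is treated. Adding `if (!full_name) return NULL;` at the top of both functions makes them consistent and removes a possible NULL dereference in the host tools. The callers are not visible on this page, so whether a NULL can actually reach these functions should be confirmed there. A short comment above `checksum_algos[]` would also help, stating that this host table lists every algorithm with no conditional guards, `sha1` and `pkcs-1.5` included, so acceptance by the host tools does not by itself show what a given target build is configured to accept.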