Drop the ENABLE and SUPPORT parts of this, which are redundant.
Signed-off-by: NSimon Glass <sjg@chromium.org>
Reviewed-by: NAlexandru Gagniuc <mr.nuke.me@gmail.com>
Signed-off-by: NAlexandru Gagniuc <mr.nuke.me@gmail.com>

These option are named inconsistently with other SPL options, thus making
them incompatible with the CONFIG_IS_ENABLED() macro. Rename them.
Signed-off-by: NSimon Glass <sjg@chromium.org>
Reviewed-by: NAlexandru Gagniuc <mr.nuke.me@gmail.com>
Signed-off-by: NAlexandru Gagniuc <mr.nuke.me@gmail.com>

The ENABLE part of this name is redundant, since all boolean Kconfig
options serve to enable something. The SUPPORT part is also redundant
since Kconfigs can be assumed to enable support for something. Together
they just serve to make these options overly long and inconsistent
with other options.

Rename FIT_ENABLE_SHAxxx_SUPPORT to FIT_SHAxxx
Signed-off-by: NSimon Glass <sjg@chromium.org>
Reviewed-by: NAlexandru Gagniuc <mr.nuke.me@gmail.com>
Signed-off-by: NAlexandru Gagniuc <mr.nuke.me@gmail.com>

board_fit_image_post_process() passes only start and size of the image,
but type of the image is not passed. So pass fit and node_offset, to
derive information about image to be processed.
Signed-off-by: NLokesh Vutla <lokeshvutla@ti.com>
Reviewed-by: NTom Rini <trini@konsulko.com>
Signed-off-by: NTero Kristo <kristo@kernel.org>

Migrate CONFIG_LMB in Kconfig.
Signed-off-by: NPatrick Delaunay <patrick.delaunay@foss.st.com>

It's not always desirable to use 'keydir' and some ad-hoc heuristics
to get the filename of the signing key. More often, just passing the
filename is the simpler, easier, and logical thing to do.

Since mkimage doesn't use long options, we're slowly running out of
letters. I've chosen '-G' because it was available.
Signed-off-by: NAlexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: NSimon Glass <sjg@chromium.org>

mkimage supports rsa2048, and rsa4096 signatures. With newer silicon
now supporting hardware-accelerated ECDSA, it makes sense to expand
signing support to elliptic curves.

Implement host-side ECDSA signing and verification with libcrypto.
Device-side implementation of signature verification is beyond the
scope of this patch.
Signed-off-by: NAlexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: NSimon Glass <sjg@chromium.org>

rsa-checksum.c sontains the hash_calculate() implementations. Despite
the "rsa-" file prefix, this function is useful for other algorithms.

To prevent confusion, move this file to lib/, and rename it to
hash-checksum.c, to give it a more "generic" feel.
Signed-off-by: NAlexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: NSimon Glass <sjg@chromium.org>

Sandbox is special in that it is used for testing and it does not match
any particular target architecture. Allow it to load an image from any
architecture, so that 'bootm' can be used as needed.
Signed-off-by: NSimon Glass <sjg@chromium.org>

Unfortunately -ENODATA is not available in OpenBSD. Use -EBADMSG
instead, to indicate a missing timestamp.

Fixes: c5819701 image: Adjust the workings of fit_check_format()
Signed-off-by: NSimon Glass <sjg@chromium.org>
Reviewed-by: NMark Kettenis <kettenis@openbsd.org>

There's no point in guarding function prototypes with #ifdefs. If a
function is not defined, the linker will notice. Having the prototype
does not affect code size.

What the #if guard takes away is the ability to use IS_ENABLED:

	if (CONFIG_IS ENABLED(FIT_IMAGE_POST_PROCESS))
		board_fit_image_post_process(...)

When the prototype is guarded, the above form cannot be used. This
leads to the proliferation of #ifdefs, and unreadable code. The
opportunity cost of the #if guard outweighs any benefits. Remove it.

Since the original version of this patch, an empty definition was
added by commit f14e6eec ("image: cleanup pre-processor usage").
The empty definition can cause silent failures, when an implementation
of board_fit_image_post_process() is expected because the linker will
not catch the missing function. Thus this patch removes this empty
inline declaration.

Fixes: f14e6eec ("image: cleanup pre-processor usage")
Signed-off-by: NAlexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: NSimon Glass <sjg@chromium.org>

At present this function does not accept a size for the FIT. This means
that it must be read from the FIT itself, introducing potential security
risk. Update the function to include a size parameter, which can be
invalid, in which case fit_check_format() calculates it.

For now no callers pass the size, but this can be updated later.

Also adjust the return value to an error code so that all the different
types of problems can be distinguished by the user.
Signed-off-by: NSimon Glass <sjg@chromium.org>
Reported-by: NBruce Monroe <bruce.monroe@intel.com>
Reported-by: NArie Haenel <arie.haenel@intel.com>
Reported-by: NJulien Lenoir <julien.lenoir@intel.com>

So far we used the separate mksunxiboot tool for generating a bootable
image for Allwinner SPLs, probably just for historical reasons.

Use the mkimage framework to generate a so called eGON image the
Allwinner BROM expects.
The new image type is called "sunxi_egon", to differentiate it
from the (still to be implemented) secure boot TOC0 image.
Signed-off-by: NAndre Przywara <andre.przywara@arm.com>
Reviewed-by: NJernej Skrabec <jernej.skrabec@siol.net>
Reviewed-by: NSamuel Holland <samuel@sholland.org>
Reviewed-by: NSimon Glass <sjg@chromium.org>

Replace most #ifdef checks for USE_HOSTCC and CONFIG_*
with normal if instructions.
Reviewed-by: NSimon Glass <sjg@chromium.org>
Signed-off-by: NSebastian Reichel <sebastian.reichel@collabora.com>

The main purpose of this patch is to separate a generic interface for
updating firmware using DFU drivers from "auto-update" via tftp.

This function will also be used in implementing UEFI capsule update
in a later commit.
Signed-off-by: NAKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: NTom Rini <trini@konsulko.com>

Fix some comments about functions.
Move genimg_get_comp_name() above genimg_get_short_name() because
genimg_get_comp_name() is related to get_table_entry_name().
Signed-off-by: NNaoki Hayama <naoki.hayama@lineo.co.jp>
Reviewed-by: NSimon Glass <sjg@chromium.org>

Add a generic function which can check whether a category has an
entry ID.
Signed-off-by: NNaoki Hayama <naoki.hayama@lineo.co.jp>
Reviewed-by: NSimon Glass <sjg@chromium.org>

Binaries may be encrypted in a FIT image with AES. This
algo needs a key and an IV (Initialization Vector). The
IV is provided in a file (pointer by iv-name-hint in the
ITS file) when building the ITB file.

This commits adds provide an alternative way to manage
the IV. If the property iv-name-hint is not provided in
the ITS file, the tool mkimage will generate an random
IV and store it in the FIT image.
Signed-off-by: NPhilippe Reynes <philippe.reynes@softathome.com>

The Linux coding style guide (Documentation/process/coding-style.rst)
clearly says:

  It's a **mistake** to use typedef for structures and pointers.

Besides, using typedef for structures is annoying when you try to make
headers self-contained.

Let's say you have the following function declaration in a header:

  void foo(bd_t *bd);

This is not self-contained since bd_t is not defined.

To tell the compiler what 'bd_t' is, you need to include <asm/u-boot.h>

  #include <asm/u-boot.h>
  void foo(bd_t *bd);

Then, the include direcective pulls in more bloat needlessly.

If you use 'struct bd_info' instead, it is enough to put a forward
declaration as follows:

  struct bd_info;
  void foo(struct bd_info *bd);

Right, typedef'ing bd_t is a mistake.

I used coccinelle to generate this commit.

The semantic patch that makes this change is as follows:

  <smpl>
  @@
  typedef bd_t;
  @@
  -bd_t
  +struct bd_info
  </smpl>
Signed-off-by: NMasahiro Yamada <masahiroy@kernel.org>

This patch adds support for ZSTD decompression of FIT images.
Signed-off-by: NRobert Marko <robert.marko@sartura.hr>
Cc: Luka Perkov <luka.perkov@sartura.hr>

The current recommendation for best security practice from the US government
is to use SHA384 for TOP SECRET [1].

This patch adds support for SHA384 and SHA512 in the hash command, and also
allows FIT images to be hashed with these algorithms, and signed with
sha384,rsaXXXX and sha512,rsaXXXX

The SHA implementation is adapted from the linux kernel implementation.

[1] Commercial National Security Algorithm Suite
http://www.iad.gov/iad/programs/iad-initiatives/cnsa-suite.cfmSigned-off-by: NReuben Dowle <reuben.dowle@4rf.com>

We should not use typedefs in U-Boot. They cannot be used as forward
declarations which means that header files must include the full header to
access them.

Drop the typedef and rename the struct to remove the _s suffix which is
now not useful.

This requires quite a few header-file additions.
Signed-off-by: NSimon Glass <sjg@chromium.org>

Currently, there is no method that can detect compression types
given a file. This is very useful where a compressed kernel image
is loaded directly to the memory.

Inspect initial few bytes to figure out compression type of the
image. It will be used in booti method for now but can be reused
any other function in future as well.
Signed-off-by: NAtish Patra <atish.patra@wdc.com>
Reviewed-by: NTom Rini <trini@konsulko.com>

These are used in multiple places so update them to use a shared #define.
Signed-off-by: NSimon Glass <sjg@chromium.org>
Reviewed-by: NPhilippe Reynes <philippe.reynes@softathome.com>

This should mention that conf_uname can be NULL and should be in the
header file. Fix this.
Signed-off-by: NSimon Glass <sjg@chromium.org>

For FIT verification, all the properties of a public key come from
"control fdt" pointed to by fdt_blob. In UEFI secure boot, on the other
hand, a public key is located and retrieved from dedicated signature
database stored as UEFI variables.

Added two fields may hold values of a public key if fdt_blob is NULL, and
will be used in rsa_verify_with_pkey() to verify a signature in UEFI
sub-system.
Signed-off-by: NAKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: NSimon Glass <sjg@chromium.org>

Introduce new configuration, CONFIG_RSA_VERIFY which will decouple building
RSA functions from FIT verification and allow for adding a RSA-based
signature verification for other file formats, in particular PE file
for UEFI secure boot.
Signed-off-by: NAKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: NSimon Glass <sjg@chromium.org>

On Feb. 16, 2020, Tom reported [1] build failure of U-Boot in-tree
tooling after applying https://patchwork.ozlabs.org/cover/1229663/
("[v6,0/7] rsa: extend rsa_verify() for UEFI secure boot").

Later on, Heinrich stressed the urgency of the issue in
https://patchwork.ozlabs.org/patch/1250858/#2379069:

 >>>>>>>>>
 We should finalize the topic as it stops EFI patches from being merged
 >>>>>>>>>

On the surface, the problem is caused by U-Boot commits [2-3], which
employed 'u32' in 'include/image.h', while historically U-Boot tooling
stayed agnostic on the {u,s}{8,16,32} types.

Thanks to Tom, Yamada-san and Heinrich, the following solutions have
been put head-to-head ('+' pros, '-' cons):

 A. Use an equivalent fixed-size type, i.e. s/u32/uint32_t/ in both
    android function prototypes (image.h) and definitions (c file):
    + quick and low-line-count
    - creates a 'soup' of fixed-sized types in the Android C file
    - will confuse contributors
    - is going against Linux kernel best practices [4]

 B. Guard Android functions by '!defined(USE_HOSTCC)' in image.h:
    + quick and low-line-count
    + reflects the reality (no android function is used by tooling)
    + zero impact on other subsystems
    - ifdeffery may look annoying (pre-existing problem of image.h)

 C. Make {u8,u16,u32} available in U-Boot tooling:
    + quick and low-line-count
    + [Yamada-san][5]:
      * forbidding u32 for tools is questionable to me
      * Linux kernel and Barebox use {u8,u16,u32} for the tools space
    - breaks U-Boot tradition?
    - has larger impact than [A] and [B]
    - adds type complexity/inconsistency in the tooling space

 D. [Yamada-san] Refactor the headers to minimize the code shared
    between U-Boot space and tooling space:
    + probably the long-term solution
    - high effort
    - can be seen/done as an incremental update on top of [B]

Looking at the above, [B] looks like the natural way to go forward.

[1] https://patchwork.ozlabs.org/patch/1238245/#2363052
[2] commit 7f253150 ("image: android: Add routine to get dtbo params")
[3] commit c3bfad82 ("image: android: Add functions for handling dtb field")
[4] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e6176fa4728fb6d
    ("checkpatch: add --strict warning for c99 fixed size typedefs : int<size>_t")
[5] https://patchwork.ozlabs.org/patch/1238245/#2363340

Cc: Masahiro Yamada <masahiroy@kernel.org>
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
Cc: Sam Protsenko <joe.skb7@gmail.com>
Cc: Lokesh Vutla <lokeshvutla@ti.com>
Cc: Simon Glass <sjg@chromium.org>
Cc: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reported-by: NTom Rini <trini@konsulko.com>
Signed-off-by: NEugeniu Rosca <erosca@de.adit-jv.com>
Tested-by: NHeinrich Schuchardt <xpyron.glpk@gmx.de>

Android Boot Image v1 adds "Recovery DTB" field in image header and
associate payload in boot image itself [1]. Payload should be in
Android DTB/DTBO format [2]. That "Recovery DTB" area should be only
populated for non-A/B devices, and only in recovery image.

Add function to get an address and size of that payload. That function
can be further used e.g. in 'abootimg' command to provide the user a way
to get the address of recovery dtbo from U-Boot shell, which can be
further parsed using 'adtimg' command.

[1] https://source.android.com/devices/bootloader/boot-image-header
[2] https://source.android.com/devices/architecture/dto/partitionsSigned-off-by: NSam Protsenko <joe.skb7@gmail.com>
Signed-off-by: NLokesh Vutla <lokeshvutla@ti.com>

Android Boot Image v2 adds "DTB" payload (and corresponding field in the
image header). Provide functions for its handling:

  - android_image_get_dtb_by_index(): Obtain DTB blob from "DTB" part of
    boot image, by blob's index
  - android_image_print_dtb_contents(): Iterate over all DTB blobs in
    "DTB" part of boot image and print those blobs info

"DTB" payload might be in one of the following formats:
  1. concatenated DTB blobs
  2. Android DTBO format

The latter requires "android-image-dt.c" functionality, so this commit
selects that file for building for CONFIG_ANDROID_BOOT_IMAGE option.

Right now this new functionality isn't used, but it can be used further.
As it's required to apply some specific dtbo blob(s) from "dtbo"
partition, we can't automate this process inside of "bootm" command. But
we can do next:
  - come up with some new command like "abootimg" to extract dtb blob
    from boot image (using functions from this patch)
  - extract desired dtbo blobs from "dtbo" partition using "adtimg"
    command
  - merge dtbo blobs into dtb blob using "fdt apply" command
  - pass resulting dtb blob into bootm command in order to boot the
    Android kernel with Android ramdisk from boot image
Signed-off-by: NSam Protsenko <joe.skb7@gmail.com>
Signed-off-by: NLokesh Vutla <lokeshvutla@ti.com>

This function has a very generic name which does not adequately describe
its purpose. Rename it and move it to image.h, since it relates to reading
a script from an image.
Signed-off-by: NSimon Glass <sjg@chromium.org>

These three globals relate to image handling. Move them to the image
header file.
Signed-off-by: NSimon Glass <sjg@chromium.org>

This function has a very generic name which does not adequately describe
its purpose. Rename it and move it to image.h, since it relates to reading
a script from an image.
Signed-off-by: NSimon Glass <sjg@chromium.org>

These three globals relate to image handling. Move them to the image
header file.
Signed-off-by: NSimon Glass <sjg@chromium.org>

This commit add to u-boot the support to decrypt
fit image encrypted with aes. The FIT image contains
the key name and the IV name. Then u-boot look for
the key and IV in his device tree and decrypt images
before moving to the next stage.
Signed-off-by: NPhilippe Reynes <philippe.reynes@softathome.com>

This commit add the support of encrypting image with aes
in mkimage. To enable the ciphering, a node cipher with
a reference to a key and IV (Initialization Vector) must
be added to the its file. Then mkimage add the encrypted
image to the FIT and add the key and IV to the u-boot
device tree.
Signed-off-by: NPhilippe Reynes <philippe.reynes@softathome.com>

Add a new OS type to be used for chain-loading an EFI compatible
firmware or boot loader like GRUB2, possibly in a verified boot
scenario.

Bellow is sample ITS file that generates a FIT image supporting
secure boot. Please note the presence of 'os = "efi";' line, which
identifies the currently introduced OS type:

/ {
    #address-cells = <1>;

    images {
        efi-grub {
            description = "GRUB EFI";
            data = /incbin/("bootarm.efi");
            type = "kernel_noload";
            arch = "arm";
            os = "efi";
            compression = "none";
            load = <0x0>;
            entry = <0x0>;
            hash-1 {
                algo = "sha256";
            };
        };
    };

    configurations {
        default = "config-grub";
        config-grub {
            kernel = "efi-grub";
            signature-1 {
                algo = "sha256,rsa2048";
                sign-images = "kernel";
            };
        };
    };
};
Signed-off-by: NCristian Ciocaltea <cristian.ciocaltea@gmail.com>
Reviewed-by: NHeinrich Schuchardt <xypron.glpk@gmx.de>

__be32 has Linux kernel specific __attribute__((bitwise)) which is
not portable. Use uint32_t instead.
Signed-off-by: NBin Meng <bmeng.cn@gmail.com>

Define new image type for coprocessor images.
It is used in FIT to identify the files loaded
with remoteproc command (elf or bin).
Signed-off-by: NLoic Pallardy <loic.pallardy@st.com>
Signed-off-by: NPatrick Delaunay <patrick.delaunay@st.com>
Reviewed-by: NSimon Glass <sjg@chromium.org>

RISC-V OpenSBI is an open-source implementation of the RISC-V Supervisor
Binary Interface (SBI) specification. It is required by Linux and U-Boot
running in supervisor mode. This patch adds support for booting via the
OpenSBI FW_DYNAMIC firmware. It supports OpenSBI version 0.4 and higher.

In this configuration, U-Boot SPL starts in machine mode. After loading
OpenSBI and U-Boot proper, it will start OpenSBI. All necessary
parameters are generated by U-Boot SPL and are passed to OpenSBI. U-Boot
proper is started in supervisor mode by OpenSBI. Support for OpenSBI is
enabled with CONFIG_SPL_OPENSBI. An additional configuration entry,
CONFIG_SPL_OPENSBI_LOAD_ADDR, is used to specify the load address of the
OpenSBI firmware binary. It is not used directly in U-Boot and instead
is intended to make the value available to scripts such as FIT
configuration generators.

The header file include/opensbi.h is based on header files from the
OpenSBI project. They are recent, as of commit bae54f764570 ("firmware:
Add fw_dynamic firmware").
Signed-off-by: NLukas Auer <lukas.auer@aisec.fraunhofer.de>
Reviewed-by: NBin Meng <bmeng.cn@gmail.com>
Tested-by: NBin Meng <bmeng.cn@gmail.com>
Reviewed-by: NAnup Patel <anup.patel@wdc.com>