1 // SPDX-License-Identifier: GPL-2.0+
2 /*
3 * Copyright (c) 2013, Google Inc.
4 *
5 * (C) Copyright 2008 Semihalf
6 *
7 * (C) Copyright 2000-2006
8 * Wolfgang Denk, DENX Software Engineering, wd@denx.de.
9 */
10
11 #define LOG_CATEGORY LOGC_BOOT
12
13 #ifdef USE_HOSTCC
14 #include "mkimage.h"
15 #include <time.h>
16 #include <linux/libfdt.h>
17 #include <u-boot/crc.h>
18 #else
19 #include <linux/compiler.h>
20 #include <common.h>
21 #include <errno.h>
22 #include <log.h>
23 #include <mapmem.h>
24 #include <asm/io.h>
25 #include <malloc.h>
26 #include <asm/global_data.h>
27 DECLARE_GLOBAL_DATA_PTR;
28 #endif /* !USE_HOSTCC*/
29
30 #include <bootm.h>
31 #include <image.h>
32 #include <bootstage.h>
33 #include <linux/kconfig.h>
34 #include <u-boot/crc.h>
35 #include <u-boot/md5.h>
36 #include <u-boot/sha1.h>
37 #include <u-boot/sha256.h>
38 #include <u-boot/sha512.h>
39
40 /*****************************************************************************/
41 /* New uImage format routines */
42 /*****************************************************************************/
43 #ifndef USE_HOSTCC
fit_parse_spec(const char * spec,char sepc,ulong addr_curr,ulong * addr,const char ** name)44 static int fit_parse_spec(const char *spec, char sepc, ulong addr_curr,
45 ulong *addr, const char **name)
46 {
47 const char *sep;
48
49 *addr = addr_curr;
50 *name = NULL;
51
52 sep = strchr(spec, sepc);
53 if (sep) {
54 if (sep - spec > 0)
55 *addr = simple_strtoul(spec, NULL, 16);
56
57 *name = sep + 1;
58 return 1;
59 }
60
61 return 0;
62 }
63
64 /**
65 * fit_parse_conf - parse FIT configuration spec
66 * @spec: input string, containing configuration spec
67 * @add_curr: current image address (to be used as a possible default)
68 * @addr: pointer to a ulong variable, will hold FIT image address of a given
69 * configuration
70 * @conf_name double pointer to a char, will hold pointer to a configuration
71 * unit name
72 *
73 * fit_parse_conf() expects configuration spec in the form of [<addr>]#<conf>,
74 * where <addr> is a FIT image address that contains configuration
75 * with a <conf> unit name.
76 *
77 * Address part is optional, and if omitted default add_curr will
78 * be used instead.
79 *
80 * returns:
81 * 1 if spec is a valid configuration string,
82 * addr and conf_name are set accordingly
83 * 0 otherwise
84 */
fit_parse_conf(const char * spec,ulong addr_curr,ulong * addr,const char ** conf_name)85 int fit_parse_conf(const char *spec, ulong addr_curr,
86 ulong *addr, const char **conf_name)
87 {
88 return fit_parse_spec(spec, '#', addr_curr, addr, conf_name);
89 }
90
91 /**
92 * fit_parse_subimage - parse FIT subimage spec
93 * @spec: input string, containing subimage spec
94 * @add_curr: current image address (to be used as a possible default)
95 * @addr: pointer to a ulong variable, will hold FIT image address of a given
96 * subimage
97 * @image_name: double pointer to a char, will hold pointer to a subimage name
98 *
99 * fit_parse_subimage() expects subimage spec in the form of
100 * [<addr>]:<subimage>, where <addr> is a FIT image address that contains
101 * subimage with a <subimg> unit name.
102 *
103 * Address part is optional, and if omitted default add_curr will
104 * be used instead.
105 *
106 * returns:
107 * 1 if spec is a valid subimage string,
108 * addr and image_name are set accordingly
109 * 0 otherwise
110 */
fit_parse_subimage(const char * spec,ulong addr_curr,ulong * addr,const char ** image_name)111 int fit_parse_subimage(const char *spec, ulong addr_curr,
112 ulong *addr, const char **image_name)
113 {
114 return fit_parse_spec(spec, ':', addr_curr, addr, image_name);
115 }
116 #endif /* !USE_HOSTCC */
117
118 #ifdef USE_HOSTCC
119 /* Host tools use these implementations for Cipher and Signature support */
120 static void *host_blob;
121
image_set_host_blob(void * blob)122 void image_set_host_blob(void *blob)
123 {
124 host_blob = blob;
125 }
126
image_get_host_blob(void)127 void *image_get_host_blob(void)
128 {
129 return host_blob;
130 }
131 #endif /* USE_HOSTCC */
132
fit_get_debug(const void * fit,int noffset,char * prop_name,int err)133 static void fit_get_debug(const void *fit, int noffset,
134 char *prop_name, int err)
135 {
136 debug("Can't get '%s' property from FIT 0x%08lx, node: offset %d, name %s (%s)\n",
137 prop_name, (ulong)fit, noffset, fit_get_name(fit, noffset, NULL),
138 fdt_strerror(err));
139 }
140
141 /**
142 * fit_get_subimage_count - get component (sub-image) count
143 * @fit: pointer to the FIT format image header
144 * @images_noffset: offset of images node
145 *
146 * returns:
147 * number of image components
148 */
fit_get_subimage_count(const void * fit,int images_noffset)149 int fit_get_subimage_count(const void *fit, int images_noffset)
150 {
151 int noffset;
152 int ndepth;
153 int count = 0;
154
155 /* Process its subnodes, print out component images details */
156 for (ndepth = 0, count = 0,
157 noffset = fdt_next_node(fit, images_noffset, &ndepth);
158 (noffset >= 0) && (ndepth > 0);
159 noffset = fdt_next_node(fit, noffset, &ndepth)) {
160 if (ndepth == 1) {
161 count++;
162 }
163 }
164
165 return count;
166 }
167
168 #if CONFIG_IS_ENABLED(FIT_PRINT) || CONFIG_IS_ENABLED(SPL_FIT_PRINT)
169 /**
170 * fit_image_print_data() - prints out the hash node details
171 * @fit: pointer to the FIT format image header
172 * @noffset: offset of the hash node
173 * @p: pointer to prefix string
174 * @type: Type of information to print ("hash" or "sign")
175 *
176 * fit_image_print_data() lists properties for the processed hash node
177 *
178 * This function avoid using puts() since it prints a newline on the host
179 * but does not in U-Boot.
180 *
181 * returns:
182 * no returned results
183 */
fit_image_print_data(const void * fit,int noffset,const char * p,const char * type)184 static void fit_image_print_data(const void *fit, int noffset, const char *p,
185 const char *type)
186 {
187 const char *keyname;
188 uint8_t *value;
189 int value_len;
190 char *algo;
191 const char *padding;
192 bool required;
193 int ret, i;
194
195 debug("%s %s node: '%s'\n", p, type,
196 fit_get_name(fit, noffset, NULL));
197 printf("%s %s algo: ", p, type);
198 if (fit_image_hash_get_algo(fit, noffset, &algo)) {
199 printf("invalid/unsupported\n");
200 return;
201 }
202 printf("%s", algo);
203 keyname = fdt_getprop(fit, noffset, FIT_KEY_HINT, NULL);
204 required = fdt_getprop(fit, noffset, FIT_KEY_REQUIRED, NULL) != NULL;
205 if (keyname)
206 printf(":%s", keyname);
207 if (required)
208 printf(" (required)");
209 printf("\n");
210
211 padding = fdt_getprop(fit, noffset, "padding", NULL);
212 if (padding)
213 printf("%s %s padding: %s\n", p, type, padding);
214
215 ret = fit_image_hash_get_value(fit, noffset, &value,
216 &value_len);
217 printf("%s %s value: ", p, type);
218 if (ret) {
219 printf("unavailable\n");
220 } else {
221 for (i = 0; i < value_len; i++)
222 printf("%02x", value[i]);
223 printf("\n");
224 }
225
226 debug("%s %s len: %d\n", p, type, value_len);
227
228 /* Signatures have a time stamp */
229 if (IMAGE_ENABLE_TIMESTAMP && keyname) {
230 time_t timestamp;
231
232 printf("%s Timestamp: ", p);
233 if (fit_get_timestamp(fit, noffset, ×tamp))
234 printf("unavailable\n");
235 else
236 genimg_print_time(timestamp);
237 }
238 }
239
240 /**
241 * fit_image_print_verification_data() - prints out the hash/signature details
242 * @fit: pointer to the FIT format image header
243 * @noffset: offset of the hash or signature node
244 * @p: pointer to prefix string
245 *
246 * This lists properties for the processed hash node
247 *
248 * returns:
249 * no returned results
250 */
fit_image_print_verification_data(const void * fit,int noffset,const char * p)251 static void fit_image_print_verification_data(const void *fit, int noffset,
252 const char *p)
253 {
254 const char *name;
255
256 /*
257 * Check subnode name, must be equal to "hash" or "signature".
258 * Multiple hash/signature nodes require unique unit node
259 * names, e.g. hash-1, hash-2, signature-1, signature-2, etc.
260 */
261 name = fit_get_name(fit, noffset, NULL);
262 if (!strncmp(name, FIT_HASH_NODENAME, strlen(FIT_HASH_NODENAME))) {
263 fit_image_print_data(fit, noffset, p, "Hash");
264 } else if (!strncmp(name, FIT_SIG_NODENAME,
265 strlen(FIT_SIG_NODENAME))) {
266 fit_image_print_data(fit, noffset, p, "Sign");
267 }
268 }
269
270 /**
271 * fit_conf_print - prints out the FIT configuration details
272 * @fit: pointer to the FIT format image header
273 * @noffset: offset of the configuration node
274 * @p: pointer to prefix string
275 *
276 * fit_conf_print() lists all mandatory properties for the processed
277 * configuration node.
278 *
279 * returns:
280 * no returned results
281 */
fit_conf_print(const void * fit,int noffset,const char * p)282 static void fit_conf_print(const void *fit, int noffset, const char *p)
283 {
284 char *desc;
285 const char *uname;
286 int ret;
287 int fdt_index, loadables_index;
288 int ndepth;
289
290 /* Mandatory properties */
291 ret = fit_get_desc(fit, noffset, &desc);
292 printf("%s Description: ", p);
293 if (ret)
294 printf("unavailable\n");
295 else
296 printf("%s\n", desc);
297
298 uname = fdt_getprop(fit, noffset, FIT_KERNEL_PROP, NULL);
299 printf("%s Kernel: ", p);
300 if (!uname)
301 printf("unavailable\n");
302 else
303 printf("%s\n", uname);
304
305 /* Optional properties */
306 uname = fdt_getprop(fit, noffset, FIT_RAMDISK_PROP, NULL);
307 if (uname)
308 printf("%s Init Ramdisk: %s\n", p, uname);
309
310 uname = fdt_getprop(fit, noffset, FIT_FIRMWARE_PROP, NULL);
311 if (uname)
312 printf("%s Firmware: %s\n", p, uname);
313
314 for (fdt_index = 0;
315 uname = fdt_stringlist_get(fit, noffset, FIT_FDT_PROP,
316 fdt_index, NULL), uname;
317 fdt_index++) {
318 if (fdt_index == 0)
319 printf("%s FDT: ", p);
320 else
321 printf("%s ", p);
322 printf("%s\n", uname);
323 }
324
325 uname = fdt_getprop(fit, noffset, FIT_FPGA_PROP, NULL);
326 if (uname)
327 printf("%s FPGA: %s\n", p, uname);
328
329 /* Print out all of the specified loadables */
330 for (loadables_index = 0;
331 uname = fdt_stringlist_get(fit, noffset, FIT_LOADABLE_PROP,
332 loadables_index, NULL), uname;
333 loadables_index++) {
334 if (loadables_index == 0) {
335 printf("%s Loadables: ", p);
336 } else {
337 printf("%s ", p);
338 }
339 printf("%s\n", uname);
340 }
341
342 /* Process all hash subnodes of the component configuration node */
343 for (ndepth = 0, noffset = fdt_next_node(fit, noffset, &ndepth);
344 (noffset >= 0) && (ndepth > 0);
345 noffset = fdt_next_node(fit, noffset, &ndepth)) {
346 if (ndepth == 1) {
347 /* Direct child node of the component configuration node */
348 fit_image_print_verification_data(fit, noffset, p);
349 }
350 }
351 }
352
353 /**
354 * fit_print_contents - prints out the contents of the FIT format image
355 * @fit: pointer to the FIT format image header
356 * @p: pointer to prefix string
357 *
358 * fit_print_contents() formats a multi line FIT image contents description.
359 * The routine prints out FIT image properties (root node level) followed by
360 * the details of each component image.
361 *
362 * returns:
363 * no returned results
364 */
fit_print_contents(const void * fit)365 void fit_print_contents(const void *fit)
366 {
367 char *desc;
368 char *uname;
369 int images_noffset;
370 int confs_noffset;
371 int noffset;
372 int ndepth;
373 int count = 0;
374 int ret;
375 const char *p;
376 time_t timestamp;
377
378 /* Indent string is defined in header image.h */
379 p = IMAGE_INDENT_STRING;
380
381 /* Root node properties */
382 ret = fit_get_desc(fit, 0, &desc);
383 printf("%sFIT description: ", p);
384 if (ret)
385 printf("unavailable\n");
386 else
387 printf("%s\n", desc);
388
389 if (IMAGE_ENABLE_TIMESTAMP) {
390 ret = fit_get_timestamp(fit, 0, ×tamp);
391 printf("%sCreated: ", p);
392 if (ret)
393 printf("unavailable\n");
394 else
395 genimg_print_time(timestamp);
396 }
397
398 /* Find images parent node offset */
399 images_noffset = fdt_path_offset(fit, FIT_IMAGES_PATH);
400 if (images_noffset < 0) {
401 printf("Can't find images parent node '%s' (%s)\n",
402 FIT_IMAGES_PATH, fdt_strerror(images_noffset));
403 return;
404 }
405
406 /* Process its subnodes, print out component images details */
407 for (ndepth = 0, count = 0,
408 noffset = fdt_next_node(fit, images_noffset, &ndepth);
409 (noffset >= 0) && (ndepth > 0);
410 noffset = fdt_next_node(fit, noffset, &ndepth)) {
411 if (ndepth == 1) {
412 /*
413 * Direct child node of the images parent node,
414 * i.e. component image node.
415 */
416 printf("%s Image %u (%s)\n", p, count++,
417 fit_get_name(fit, noffset, NULL));
418
419 fit_image_print(fit, noffset, p);
420 }
421 }
422
423 /* Find configurations parent node offset */
424 confs_noffset = fdt_path_offset(fit, FIT_CONFS_PATH);
425 if (confs_noffset < 0) {
426 debug("Can't get configurations parent node '%s' (%s)\n",
427 FIT_CONFS_PATH, fdt_strerror(confs_noffset));
428 return;
429 }
430
431 /* get default configuration unit name from default property */
432 uname = (char *)fdt_getprop(fit, noffset, FIT_DEFAULT_PROP, NULL);
433 if (uname)
434 printf("%s Default Configuration: '%s'\n", p, uname);
435
436 /* Process its subnodes, print out configurations details */
437 for (ndepth = 0, count = 0,
438 noffset = fdt_next_node(fit, confs_noffset, &ndepth);
439 (noffset >= 0) && (ndepth > 0);
440 noffset = fdt_next_node(fit, noffset, &ndepth)) {
441 if (ndepth == 1) {
442 /*
443 * Direct child node of the configurations parent node,
444 * i.e. configuration node.
445 */
446 printf("%s Configuration %u (%s)\n", p, count++,
447 fit_get_name(fit, noffset, NULL));
448
449 fit_conf_print(fit, noffset, p);
450 }
451 }
452 }
453
454 /**
455 * fit_image_print - prints out the FIT component image details
456 * @fit: pointer to the FIT format image header
457 * @image_noffset: offset of the component image node
458 * @p: pointer to prefix string
459 *
460 * fit_image_print() lists all mandatory properties for the processed component
461 * image. If present, hash nodes are printed out as well. Load
462 * address for images of type firmware is also printed out. Since the load
463 * address is not mandatory for firmware images, it will be output as
464 * "unavailable" when not present.
465 *
466 * returns:
467 * no returned results
468 */
fit_image_print(const void * fit,int image_noffset,const char * p)469 void fit_image_print(const void *fit, int image_noffset, const char *p)
470 {
471 char *desc;
472 uint8_t type, arch, os, comp;
473 size_t size;
474 ulong load, entry;
475 const void *data;
476 int noffset;
477 int ndepth;
478 int ret;
479
480 /* Mandatory properties */
481 ret = fit_get_desc(fit, image_noffset, &desc);
482 printf("%s Description: ", p);
483 if (ret)
484 printf("unavailable\n");
485 else
486 printf("%s\n", desc);
487
488 if (IMAGE_ENABLE_TIMESTAMP) {
489 time_t timestamp;
490
491 ret = fit_get_timestamp(fit, 0, ×tamp);
492 printf("%s Created: ", p);
493 if (ret)
494 printf("unavailable\n");
495 else
496 genimg_print_time(timestamp);
497 }
498
499 fit_image_get_type(fit, image_noffset, &type);
500 printf("%s Type: %s\n", p, genimg_get_type_name(type));
501
502 fit_image_get_comp(fit, image_noffset, &comp);
503 printf("%s Compression: %s\n", p, genimg_get_comp_name(comp));
504
505 ret = fit_image_get_data_and_size(fit, image_noffset, &data, &size);
506
507 if (!host_build()) {
508 printf("%s Data Start: ", p);
509 if (ret) {
510 printf("unavailable\n");
511 } else {
512 void *vdata = (void *)data;
513
514 printf("0x%08lx\n", (ulong)map_to_sysmem(vdata));
515 }
516 }
517
518 printf("%s Data Size: ", p);
519 if (ret)
520 printf("unavailable\n");
521 else
522 genimg_print_size(size);
523
524 /* Remaining, type dependent properties */
525 if ((type == IH_TYPE_KERNEL) || (type == IH_TYPE_STANDALONE) ||
526 (type == IH_TYPE_RAMDISK) || (type == IH_TYPE_FIRMWARE) ||
527 (type == IH_TYPE_FLATDT)) {
528 fit_image_get_arch(fit, image_noffset, &arch);
529 printf("%s Architecture: %s\n", p, genimg_get_arch_name(arch));
530 }
531
532 if ((type == IH_TYPE_KERNEL) || (type == IH_TYPE_RAMDISK) ||
533 (type == IH_TYPE_FIRMWARE)) {
534 fit_image_get_os(fit, image_noffset, &os);
535 printf("%s OS: %s\n", p, genimg_get_os_name(os));
536 }
537
538 if ((type == IH_TYPE_KERNEL) || (type == IH_TYPE_STANDALONE) ||
539 (type == IH_TYPE_FIRMWARE) || (type == IH_TYPE_RAMDISK) ||
540 (type == IH_TYPE_FPGA)) {
541 ret = fit_image_get_load(fit, image_noffset, &load);
542 printf("%s Load Address: ", p);
543 if (ret)
544 printf("unavailable\n");
545 else
546 printf("0x%08lx\n", load);
547 }
548
549 /* optional load address for FDT */
550 if (type == IH_TYPE_FLATDT && !fit_image_get_load(fit, image_noffset, &load))
551 printf("%s Load Address: 0x%08lx\n", p, load);
552
553 if ((type == IH_TYPE_KERNEL) || (type == IH_TYPE_STANDALONE) ||
554 (type == IH_TYPE_RAMDISK)) {
555 ret = fit_image_get_entry(fit, image_noffset, &entry);
556 printf("%s Entry Point: ", p);
557 if (ret)
558 printf("unavailable\n");
559 else
560 printf("0x%08lx\n", entry);
561 }
562
563 /* Process all hash subnodes of the component image node */
564 for (ndepth = 0, noffset = fdt_next_node(fit, image_noffset, &ndepth);
565 (noffset >= 0) && (ndepth > 0);
566 noffset = fdt_next_node(fit, noffset, &ndepth)) {
567 if (ndepth == 1) {
568 /* Direct child node of the component image node */
569 fit_image_print_verification_data(fit, noffset, p);
570 }
571 }
572 }
573 #else
fit_print_contents(const void * fit)574 void fit_print_contents(const void *fit) { }
fit_image_print(const void * fit,int image_noffset,const char * p)575 void fit_image_print(const void *fit, int image_noffset, const char *p) { }
576 #endif /* CONFIG_IS_ENABLED(FIR_PRINT) || CONFIG_IS_ENABLED(SPL_FIT_PRINT) */
577
578 /**
579 * fit_get_desc - get node description property
580 * @fit: pointer to the FIT format image header
581 * @noffset: node offset
582 * @desc: double pointer to the char, will hold pointer to the description
583 *
584 * fit_get_desc() reads description property from a given node, if
585 * description is found pointer to it is returned in third call argument.
586 *
587 * returns:
588 * 0, on success
589 * -1, on failure
590 */
fit_get_desc(const void * fit,int noffset,char ** desc)591 int fit_get_desc(const void *fit, int noffset, char **desc)
592 {
593 int len;
594
595 *desc = (char *)fdt_getprop(fit, noffset, FIT_DESC_PROP, &len);
596 if (*desc == NULL) {
597 fit_get_debug(fit, noffset, FIT_DESC_PROP, len);
598 return -1;
599 }
600
601 return 0;
602 }
603
604 /**
605 * fit_get_timestamp - get node timestamp property
606 * @fit: pointer to the FIT format image header
607 * @noffset: node offset
608 * @timestamp: pointer to the time_t, will hold read timestamp
609 *
610 * fit_get_timestamp() reads timestamp property from given node, if timestamp
611 * is found and has a correct size its value is returned in third call
612 * argument.
613 *
614 * returns:
615 * 0, on success
616 * -1, on property read failure
617 * -2, on wrong timestamp size
618 */
fit_get_timestamp(const void * fit,int noffset,time_t * timestamp)619 int fit_get_timestamp(const void *fit, int noffset, time_t *timestamp)
620 {
621 int len;
622 const void *data;
623
624 data = fdt_getprop(fit, noffset, FIT_TIMESTAMP_PROP, &len);
625 if (data == NULL) {
626 fit_get_debug(fit, noffset, FIT_TIMESTAMP_PROP, len);
627 return -1;
628 }
629 if (len != sizeof(uint32_t)) {
630 debug("FIT timestamp with incorrect size of (%u)\n", len);
631 return -2;
632 }
633
634 *timestamp = uimage_to_cpu(*((uint32_t *)data));
635 return 0;
636 }
637
638 /**
639 * fit_image_get_node - get node offset for component image of a given unit name
640 * @fit: pointer to the FIT format image header
641 * @image_uname: component image node unit name
642 *
643 * fit_image_get_node() finds a component image (within the '/images'
644 * node) of a provided unit name. If image is found its node offset is
645 * returned to the caller.
646 *
647 * returns:
648 * image node offset when found (>=0)
649 * negative number on failure (FDT_ERR_* code)
650 */
fit_image_get_node(const void * fit,const char * image_uname)651 int fit_image_get_node(const void *fit, const char *image_uname)
652 {
653 int noffset, images_noffset;
654
655 images_noffset = fdt_path_offset(fit, FIT_IMAGES_PATH);
656 if (images_noffset < 0) {
657 debug("Can't find images parent node '%s' (%s)\n",
658 FIT_IMAGES_PATH, fdt_strerror(images_noffset));
659 return images_noffset;
660 }
661
662 noffset = fdt_subnode_offset(fit, images_noffset, image_uname);
663 if (noffset < 0) {
664 debug("Can't get node offset for image unit name: '%s' (%s)\n",
665 image_uname, fdt_strerror(noffset));
666 }
667
668 return noffset;
669 }
670
671 /**
672 * fit_image_get_os - get os id for a given component image node
673 * @fit: pointer to the FIT format image header
674 * @noffset: component image node offset
675 * @os: pointer to the uint8_t, will hold os numeric id
676 *
677 * fit_image_get_os() finds os property in a given component image node.
678 * If the property is found, its (string) value is translated to the numeric
679 * id which is returned to the caller.
680 *
681 * returns:
682 * 0, on success
683 * -1, on failure
684 */
fit_image_get_os(const void * fit,int noffset,uint8_t * os)685 int fit_image_get_os(const void *fit, int noffset, uint8_t *os)
686 {
687 int len;
688 const void *data;
689
690 /* Get OS name from property data */
691 data = fdt_getprop(fit, noffset, FIT_OS_PROP, &len);
692 if (data == NULL) {
693 fit_get_debug(fit, noffset, FIT_OS_PROP, len);
694 *os = -1;
695 return -1;
696 }
697
698 /* Translate OS name to id */
699 *os = genimg_get_os_id(data);
700 return 0;
701 }
702
703 /**
704 * fit_image_get_arch - get arch id for a given component image node
705 * @fit: pointer to the FIT format image header
706 * @noffset: component image node offset
707 * @arch: pointer to the uint8_t, will hold arch numeric id
708 *
709 * fit_image_get_arch() finds arch property in a given component image node.
710 * If the property is found, its (string) value is translated to the numeric
711 * id which is returned to the caller.
712 *
713 * returns:
714 * 0, on success
715 * -1, on failure
716 */
fit_image_get_arch(const void * fit,int noffset,uint8_t * arch)717 int fit_image_get_arch(const void *fit, int noffset, uint8_t *arch)
718 {
719 int len;
720 const void *data;
721
722 /* Get architecture name from property data */
723 data = fdt_getprop(fit, noffset, FIT_ARCH_PROP, &len);
724 if (data == NULL) {
725 fit_get_debug(fit, noffset, FIT_ARCH_PROP, len);
726 *arch = -1;
727 return -1;
728 }
729
730 /* Translate architecture name to id */
731 *arch = genimg_get_arch_id(data);
732 return 0;
733 }
734
735 /**
736 * fit_image_get_type - get type id for a given component image node
737 * @fit: pointer to the FIT format image header
738 * @noffset: component image node offset
739 * @type: pointer to the uint8_t, will hold type numeric id
740 *
741 * fit_image_get_type() finds type property in a given component image node.
742 * If the property is found, its (string) value is translated to the numeric
743 * id which is returned to the caller.
744 *
745 * returns:
746 * 0, on success
747 * -1, on failure
748 */
fit_image_get_type(const void * fit,int noffset,uint8_t * type)749 int fit_image_get_type(const void *fit, int noffset, uint8_t *type)
750 {
751 int len;
752 const void *data;
753
754 /* Get image type name from property data */
755 data = fdt_getprop(fit, noffset, FIT_TYPE_PROP, &len);
756 if (data == NULL) {
757 fit_get_debug(fit, noffset, FIT_TYPE_PROP, len);
758 *type = -1;
759 return -1;
760 }
761
762 /* Translate image type name to id */
763 *type = genimg_get_type_id(data);
764 return 0;
765 }
766
767 /**
768 * fit_image_get_comp - get comp id for a given component image node
769 * @fit: pointer to the FIT format image header
770 * @noffset: component image node offset
771 * @comp: pointer to the uint8_t, will hold comp numeric id
772 *
773 * fit_image_get_comp() finds comp property in a given component image node.
774 * If the property is found, its (string) value is translated to the numeric
775 * id which is returned to the caller.
776 *
777 * returns:
778 * 0, on success
779 * -1, on failure
780 */
fit_image_get_comp(const void * fit,int noffset,uint8_t * comp)781 int fit_image_get_comp(const void *fit, int noffset, uint8_t *comp)
782 {
783 int len;
784 const void *data;
785
786 /* Get compression name from property data */
787 data = fdt_getprop(fit, noffset, FIT_COMP_PROP, &len);
788 if (data == NULL) {
789 fit_get_debug(fit, noffset, FIT_COMP_PROP, len);
790 *comp = -1;
791 return -1;
792 }
793
794 /* Translate compression name to id */
795 *comp = genimg_get_comp_id(data);
796 return 0;
797 }
798
fit_image_get_address(const void * fit,int noffset,char * name,ulong * load)799 static int fit_image_get_address(const void *fit, int noffset, char *name,
800 ulong *load)
801 {
802 int len, cell_len;
803 const fdt32_t *cell;
804 uint64_t load64 = 0;
805
806 cell = fdt_getprop(fit, noffset, name, &len);
807 if (cell == NULL) {
808 fit_get_debug(fit, noffset, name, len);
809 return -1;
810 }
811
812 cell_len = len >> 2;
813 /* Use load64 to avoid compiling warning for 32-bit target */
814 while (cell_len--) {
815 load64 = (load64 << 32) | uimage_to_cpu(*cell);
816 cell++;
817 }
818
819 if (len > sizeof(ulong) && (uint32_t)(load64 >> 32)) {
820 printf("Unsupported %s address size\n", name);
821 return -1;
822 }
823
824 *load = (ulong)load64;
825
826 return 0;
827 }
828 /**
829 * fit_image_get_load() - get load addr property for given component image node
830 * @fit: pointer to the FIT format image header
831 * @noffset: component image node offset
832 * @load: pointer to the uint32_t, will hold load address
833 *
834 * fit_image_get_load() finds load address property in a given component
835 * image node. If the property is found, its value is returned to the caller.
836 *
837 * returns:
838 * 0, on success
839 * -1, on failure
840 */
fit_image_get_load(const void * fit,int noffset,ulong * load)841 int fit_image_get_load(const void *fit, int noffset, ulong *load)
842 {
843 return fit_image_get_address(fit, noffset, FIT_LOAD_PROP, load);
844 }
845
846 /**
847 * fit_image_get_entry() - get entry point address property
848 * @fit: pointer to the FIT format image header
849 * @noffset: component image node offset
850 * @entry: pointer to the uint32_t, will hold entry point address
851 *
852 * This gets the entry point address property for a given component image
853 * node.
854 *
855 * fit_image_get_entry() finds entry point address property in a given
856 * component image node. If the property is found, its value is returned
857 * to the caller.
858 *
859 * returns:
860 * 0, on success
861 * -1, on failure
862 */
fit_image_get_entry(const void * fit,int noffset,ulong * entry)863 int fit_image_get_entry(const void *fit, int noffset, ulong *entry)
864 {
865 return fit_image_get_address(fit, noffset, FIT_ENTRY_PROP, entry);
866 }
867
868 /**
869 * fit_image_get_data - get data property and its size for a given component image node
870 * @fit: pointer to the FIT format image header
871 * @noffset: component image node offset
872 * @data: double pointer to void, will hold data property's data address
873 * @size: pointer to size_t, will hold data property's data size
874 *
875 * fit_image_get_data() finds data property in a given component image node.
876 * If the property is found its data start address and size are returned to
877 * the caller.
878 *
879 * returns:
880 * 0, on success
881 * -1, on failure
882 */
fit_image_get_data(const void * fit,int noffset,const void ** data,size_t * size)883 int fit_image_get_data(const void *fit, int noffset,
884 const void **data, size_t *size)
885 {
886 int len;
887
888 *data = fdt_getprop(fit, noffset, FIT_DATA_PROP, &len);
889 if (*data == NULL) {
890 fit_get_debug(fit, noffset, FIT_DATA_PROP, len);
891 *size = 0;
892 return -1;
893 }
894
895 *size = len;
896 return 0;
897 }
898
899 /**
900 * Get 'data-offset' property from a given image node.
901 *
902 * @fit: pointer to the FIT image header
903 * @noffset: component image node offset
904 * @data_offset: holds the data-offset property
905 *
906 * returns:
907 * 0, on success
908 * -ENOENT if the property could not be found
909 */
fit_image_get_data_offset(const void * fit,int noffset,int * data_offset)910 int fit_image_get_data_offset(const void *fit, int noffset, int *data_offset)
911 {
912 const fdt32_t *val;
913
914 val = fdt_getprop(fit, noffset, FIT_DATA_OFFSET_PROP, NULL);
915 if (!val)
916 return -ENOENT;
917
918 *data_offset = fdt32_to_cpu(*val);
919
920 return 0;
921 }
922
923 /**
924 * Get 'data-position' property from a given image node.
925 *
926 * @fit: pointer to the FIT image header
927 * @noffset: component image node offset
928 * @data_position: holds the data-position property
929 *
930 * returns:
931 * 0, on success
932 * -ENOENT if the property could not be found
933 */
fit_image_get_data_position(const void * fit,int noffset,int * data_position)934 int fit_image_get_data_position(const void *fit, int noffset,
935 int *data_position)
936 {
937 const fdt32_t *val;
938
939 val = fdt_getprop(fit, noffset, FIT_DATA_POSITION_PROP, NULL);
940 if (!val)
941 return -ENOENT;
942
943 *data_position = fdt32_to_cpu(*val);
944
945 return 0;
946 }
947
948 /**
949 * Get 'data-size' property from a given image node.
950 *
951 * @fit: pointer to the FIT image header
952 * @noffset: component image node offset
953 * @data_size: holds the data-size property
954 *
955 * returns:
956 * 0, on success
957 * -ENOENT if the property could not be found
958 */
fit_image_get_data_size(const void * fit,int noffset,int * data_size)959 int fit_image_get_data_size(const void *fit, int noffset, int *data_size)
960 {
961 const fdt32_t *val;
962
963 val = fdt_getprop(fit, noffset, FIT_DATA_SIZE_PROP, NULL);
964 if (!val)
965 return -ENOENT;
966
967 *data_size = fdt32_to_cpu(*val);
968
969 return 0;
970 }
971
972 /**
973 * Get 'data-size-unciphered' property from a given image node.
974 *
975 * @fit: pointer to the FIT image header
976 * @noffset: component image node offset
977 * @data_size: holds the data-size property
978 *
979 * returns:
980 * 0, on success
981 * -ENOENT if the property could not be found
982 */
fit_image_get_data_size_unciphered(const void * fit,int noffset,size_t * data_size)983 int fit_image_get_data_size_unciphered(const void *fit, int noffset,
984 size_t *data_size)
985 {
986 const fdt32_t *val;
987
988 val = fdt_getprop(fit, noffset, "data-size-unciphered", NULL);
989 if (!val)
990 return -ENOENT;
991
992 *data_size = (size_t)fdt32_to_cpu(*val);
993
994 return 0;
995 }
996
997 /**
998 * fit_image_get_data_and_size - get data and its size including
999 * both embedded and external data
1000 * @fit: pointer to the FIT format image header
1001 * @noffset: component image node offset
1002 * @data: double pointer to void, will hold data property's data address
1003 * @size: pointer to size_t, will hold data property's data size
1004 *
1005 * fit_image_get_data_and_size() finds data and its size including
1006 * both embedded and external data. If the property is found
1007 * its data start address and size are returned to the caller.
1008 *
1009 * returns:
1010 * 0, on success
1011 * otherwise, on failure
1012 */
fit_image_get_data_and_size(const void * fit,int noffset,const void ** data,size_t * size)1013 int fit_image_get_data_and_size(const void *fit, int noffset,
1014 const void **data, size_t *size)
1015 {
1016 bool external_data = false;
1017 int offset;
1018 int len;
1019 int ret;
1020
1021 if (!fit_image_get_data_position(fit, noffset, &offset)) {
1022 external_data = true;
1023 } else if (!fit_image_get_data_offset(fit, noffset, &offset)) {
1024 external_data = true;
1025 /*
1026 * For FIT with external data, figure out where
1027 * the external images start. This is the base
1028 * for the data-offset properties in each image.
1029 */
1030 offset += ((fdt_totalsize(fit) + 3) & ~3);
1031 }
1032
1033 if (external_data) {
1034 debug("External Data\n");
1035 ret = fit_image_get_data_size(fit, noffset, &len);
1036 if (!ret) {
1037 *data = fit + offset;
1038 *size = len;
1039 }
1040 } else {
1041 ret = fit_image_get_data(fit, noffset, data, size);
1042 }
1043
1044 return ret;
1045 }
1046
1047 /**
1048 * fit_image_hash_get_algo - get hash algorithm name
1049 * @fit: pointer to the FIT format image header
1050 * @noffset: hash node offset
1051 * @algo: double pointer to char, will hold pointer to the algorithm name
1052 *
1053 * fit_image_hash_get_algo() finds hash algorithm property in a given hash node.
1054 * If the property is found its data start address is returned to the caller.
1055 *
1056 * returns:
1057 * 0, on success
1058 * -1, on failure
1059 */
fit_image_hash_get_algo(const void * fit,int noffset,char ** algo)1060 int fit_image_hash_get_algo(const void *fit, int noffset, char **algo)
1061 {
1062 int len;
1063
1064 *algo = (char *)fdt_getprop(fit, noffset, FIT_ALGO_PROP, &len);
1065 if (*algo == NULL) {
1066 fit_get_debug(fit, noffset, FIT_ALGO_PROP, len);
1067 return -1;
1068 }
1069
1070 return 0;
1071 }
1072
1073 /**
1074 * fit_image_hash_get_value - get hash value and length
1075 * @fit: pointer to the FIT format image header
1076 * @noffset: hash node offset
1077 * @value: double pointer to uint8_t, will hold address of a hash value data
1078 * @value_len: pointer to an int, will hold hash data length
1079 *
1080 * fit_image_hash_get_value() finds hash value property in a given hash node.
1081 * If the property is found its data start address and size are returned to
1082 * the caller.
1083 *
1084 * returns:
1085 * 0, on success
1086 * -1, on failure
1087 */
fit_image_hash_get_value(const void * fit,int noffset,uint8_t ** value,int * value_len)1088 int fit_image_hash_get_value(const void *fit, int noffset, uint8_t **value,
1089 int *value_len)
1090 {
1091 int len;
1092
1093 *value = (uint8_t *)fdt_getprop(fit, noffset, FIT_VALUE_PROP, &len);
1094 if (*value == NULL) {
1095 fit_get_debug(fit, noffset, FIT_VALUE_PROP, len);
1096 *value_len = 0;
1097 return -1;
1098 }
1099
1100 *value_len = len;
1101 return 0;
1102 }
1103
1104 /**
1105 * fit_image_hash_get_ignore - get hash ignore flag
1106 * @fit: pointer to the FIT format image header
1107 * @noffset: hash node offset
1108 * @ignore: pointer to an int, will hold hash ignore flag
1109 *
1110 * fit_image_hash_get_ignore() finds hash ignore property in a given hash node.
1111 * If the property is found and non-zero, the hash algorithm is not verified by
1112 * u-boot automatically.
1113 *
1114 * returns:
1115 * 0, on ignore not found
1116 * value, on ignore found
1117 */
fit_image_hash_get_ignore(const void * fit,int noffset,int * ignore)1118 static int fit_image_hash_get_ignore(const void *fit, int noffset, int *ignore)
1119 {
1120 int len;
1121 int *value;
1122
1123 value = (int *)fdt_getprop(fit, noffset, FIT_IGNORE_PROP, &len);
1124 if (value == NULL || len != sizeof(int))
1125 *ignore = 0;
1126 else
1127 *ignore = *value;
1128
1129 return 0;
1130 }
1131
1132 /**
1133 * fit_image_cipher_get_algo - get cipher algorithm name
1134 * @fit: pointer to the FIT format image header
1135 * @noffset: cipher node offset
1136 * @algo: double pointer to char, will hold pointer to the algorithm name
1137 *
1138 * fit_image_cipher_get_algo() finds cipher algorithm property in a given
1139 * cipher node. If the property is found its data start address is returned
1140 * to the caller.
1141 *
1142 * returns:
1143 * 0, on success
1144 * -1, on failure
1145 */
fit_image_cipher_get_algo(const void * fit,int noffset,char ** algo)1146 int fit_image_cipher_get_algo(const void *fit, int noffset, char **algo)
1147 {
1148 int len;
1149
1150 *algo = (char *)fdt_getprop(fit, noffset, FIT_ALGO_PROP, &len);
1151 if (!*algo) {
1152 fit_get_debug(fit, noffset, FIT_ALGO_PROP, len);
1153 return -1;
1154 }
1155
1156 return 0;
1157 }
1158
fit_get_end(const void * fit)1159 ulong fit_get_end(const void *fit)
1160 {
1161 return map_to_sysmem((void *)(fit + fdt_totalsize(fit)));
1162 }
1163
1164 /**
1165 * fit_set_timestamp - set node timestamp property
1166 * @fit: pointer to the FIT format image header
1167 * @noffset: node offset
1168 * @timestamp: timestamp value to be set
1169 *
1170 * fit_set_timestamp() attempts to set timestamp property in the requested
1171 * node and returns operation status to the caller.
1172 *
1173 * returns:
1174 * 0, on success
1175 * -ENOSPC if no space in device tree, -1 for other error
1176 */
fit_set_timestamp(void * fit,int noffset,time_t timestamp)1177 int fit_set_timestamp(void *fit, int noffset, time_t timestamp)
1178 {
1179 uint32_t t;
1180 int ret;
1181
1182 t = cpu_to_uimage(timestamp);
1183 ret = fdt_setprop(fit, noffset, FIT_TIMESTAMP_PROP, &t,
1184 sizeof(uint32_t));
1185 if (ret) {
1186 debug("Can't set '%s' property for '%s' node (%s)\n",
1187 FIT_TIMESTAMP_PROP, fit_get_name(fit, noffset, NULL),
1188 fdt_strerror(ret));
1189 return ret == -FDT_ERR_NOSPACE ? -ENOSPC : -1;
1190 }
1191
1192 return 0;
1193 }
1194
1195 /**
1196 * calculate_hash - calculate and return hash for provided input data
1197 * @data: pointer to the input data
1198 * @data_len: data length
1199 * @algo: requested hash algorithm
1200 * @value: pointer to the char, will hold hash value data (caller must
1201 * allocate enough free space)
1202 * value_len: length of the calculated hash
1203 *
1204 * calculate_hash() computes input data hash according to the requested
1205 * algorithm.
1206 * Resulting hash value is placed in caller provided 'value' buffer, length
1207 * of the calculated hash is returned via value_len pointer argument.
1208 *
1209 * returns:
1210 * 0, on success
1211 * -1, when algo is unsupported
1212 */
calculate_hash(const void * data,int data_len,const char * algo,uint8_t * value,int * value_len)1213 int calculate_hash(const void *data, int data_len, const char *algo,
1214 uint8_t *value, int *value_len)
1215 {
1216 if (IMAGE_ENABLE_CRC32 && strcmp(algo, "crc32") == 0) {
1217 *((uint32_t *)value) = crc32_wd(0, data, data_len,
1218 CHUNKSZ_CRC32);
1219 *((uint32_t *)value) = cpu_to_uimage(*((uint32_t *)value));
1220 *value_len = 4;
1221 } else if (IMAGE_ENABLE_SHA1 && strcmp(algo, "sha1") == 0) {
1222 sha1_csum_wd((unsigned char *)data, data_len,
1223 (unsigned char *)value, CHUNKSZ_SHA1);
1224 *value_len = 20;
1225 } else if (IMAGE_ENABLE_SHA256 && strcmp(algo, "sha256") == 0) {
1226 sha256_csum_wd((unsigned char *)data, data_len,
1227 (unsigned char *)value, CHUNKSZ_SHA256);
1228 *value_len = SHA256_SUM_LEN;
1229 } else if (IMAGE_ENABLE_SHA384 && strcmp(algo, "sha384") == 0) {
1230 sha384_csum_wd((unsigned char *)data, data_len,
1231 (unsigned char *)value, CHUNKSZ_SHA384);
1232 *value_len = SHA384_SUM_LEN;
1233 } else if (IMAGE_ENABLE_SHA512 && strcmp(algo, "sha512") == 0) {
1234 sha512_csum_wd((unsigned char *)data, data_len,
1235 (unsigned char *)value, CHUNKSZ_SHA512);
1236 *value_len = SHA512_SUM_LEN;
1237 } else if (IMAGE_ENABLE_MD5 && strcmp(algo, "md5") == 0) {
1238 md5_wd((unsigned char *)data, data_len, value, CHUNKSZ_MD5);
1239 *value_len = 16;
1240 } else {
1241 debug("Unsupported hash alogrithm\n");
1242 return -1;
1243 }
1244 return 0;
1245 }
1246
fit_image_check_hash(const void * fit,int noffset,const void * data,size_t size,char ** err_msgp)1247 static int fit_image_check_hash(const void *fit, int noffset, const void *data,
1248 size_t size, char **err_msgp)
1249 {
1250 uint8_t value[FIT_MAX_HASH_LEN];
1251 int value_len;
1252 char *algo;
1253 uint8_t *fit_value;
1254 int fit_value_len;
1255 int ignore;
1256
1257 *err_msgp = NULL;
1258
1259 if (fit_image_hash_get_algo(fit, noffset, &algo)) {
1260 *err_msgp = "Can't get hash algo property";
1261 return -1;
1262 }
1263 printf("%s", algo);
1264
1265 if (IMAGE_ENABLE_IGNORE) {
1266 fit_image_hash_get_ignore(fit, noffset, &ignore);
1267 if (ignore) {
1268 printf("-skipped ");
1269 return 0;
1270 }
1271 }
1272
1273 if (fit_image_hash_get_value(fit, noffset, &fit_value,
1274 &fit_value_len)) {
1275 *err_msgp = "Can't get hash value property";
1276 return -1;
1277 }
1278
1279 if (calculate_hash(data, size, algo, value, &value_len)) {
1280 *err_msgp = "Unsupported hash algorithm";
1281 return -1;
1282 }
1283
1284 if (value_len != fit_value_len) {
1285 *err_msgp = "Bad hash value len";
1286 return -1;
1287 } else if (memcmp(value, fit_value, value_len) != 0) {
1288 *err_msgp = "Bad hash value";
1289 return -1;
1290 }
1291
1292 return 0;
1293 }
1294
fit_image_verify_with_data(const void * fit,int image_noffset,const void * data,size_t size)1295 int fit_image_verify_with_data(const void *fit, int image_noffset,
1296 const void *data, size_t size)
1297 {
1298 int noffset = 0;
1299 char *err_msg = "";
1300 int verify_all = 1;
1301 int ret;
1302
1303 /* Verify all required signatures */
1304 if (FIT_IMAGE_ENABLE_VERIFY &&
1305 fit_image_verify_required_sigs(fit, image_noffset, data, size,
1306 gd_fdt_blob(), &verify_all)) {
1307 err_msg = "Unable to verify required signature";
1308 goto error;
1309 }
1310
1311 /* Process all hash subnodes of the component image node */
1312 fdt_for_each_subnode(noffset, fit, image_noffset) {
1313 const char *name = fit_get_name(fit, noffset, NULL);
1314
1315 /*
1316 * Check subnode name, must be equal to "hash".
1317 * Multiple hash nodes require unique unit node
1318 * names, e.g. hash-1, hash-2, etc.
1319 */
1320 if (!strncmp(name, FIT_HASH_NODENAME,
1321 strlen(FIT_HASH_NODENAME))) {
1322 if (fit_image_check_hash(fit, noffset, data, size,
1323 &err_msg))
1324 goto error;
1325 puts("+ ");
1326 } else if (FIT_IMAGE_ENABLE_VERIFY && verify_all &&
1327 !strncmp(name, FIT_SIG_NODENAME,
1328 strlen(FIT_SIG_NODENAME))) {
1329 ret = fit_image_check_sig(fit, noffset, data,
1330 size, -1, &err_msg);
1331
1332 /*
1333 * Show an indication on failure, but do not return
1334 * an error. Only keys marked 'required' can cause
1335 * an image validation failure. See the call to
1336 * fit_image_verify_required_sigs() above.
1337 */
1338 if (ret)
1339 puts("- ");
1340 else
1341 puts("+ ");
1342 }
1343 }
1344
1345 if (noffset == -FDT_ERR_TRUNCATED || noffset == -FDT_ERR_BADSTRUCTURE) {
1346 err_msg = "Corrupted or truncated tree";
1347 goto error;
1348 }
1349
1350 return 1;
1351
1352 error:
1353 printf(" error!\n%s for '%s' hash node in '%s' image node\n",
1354 err_msg, fit_get_name(fit, noffset, NULL),
1355 fit_get_name(fit, image_noffset, NULL));
1356 return 0;
1357 }
1358
1359 /**
1360 * fit_image_verify - verify data integrity
1361 * @fit: pointer to the FIT format image header
1362 * @image_noffset: component image node offset
1363 *
1364 * fit_image_verify() goes over component image hash nodes,
1365 * re-calculates each data hash and compares with the value stored in hash
1366 * node.
1367 *
1368 * returns:
1369 * 1, if all hashes are valid
1370 * 0, otherwise (or on error)
1371 */
fit_image_verify(const void * fit,int image_noffset)1372 int fit_image_verify(const void *fit, int image_noffset)
1373 {
1374 const char *name = fit_get_name(fit, image_noffset, NULL);
1375 const void *data;
1376 size_t size;
1377 char *err_msg = "";
1378
1379 if (strchr(name, '@')) {
1380 /*
1381 * We don't support this since libfdt considers names with the
1382 * name root but different @ suffix to be equal
1383 */
1384 err_msg = "Node name contains @";
1385 goto err;
1386 }
1387 /* Get image data and data length */
1388 if (fit_image_get_data_and_size(fit, image_noffset, &data, &size)) {
1389 err_msg = "Can't get image data/size";
1390 goto err;
1391 }
1392
1393 return fit_image_verify_with_data(fit, image_noffset, data, size);
1394
1395 err:
1396 printf("error!\n%s in '%s' image node\n", err_msg,
1397 fit_get_name(fit, image_noffset, NULL));
1398 return 0;
1399 }
1400
1401 /**
1402 * fit_all_image_verify - verify data integrity for all images
1403 * @fit: pointer to the FIT format image header
1404 *
1405 * fit_all_image_verify() goes over all images in the FIT and
1406 * for every images checks if all it's hashes are valid.
1407 *
1408 * returns:
1409 * 1, if all hashes of all images are valid
1410 * 0, otherwise (or on error)
1411 */
fit_all_image_verify(const void * fit)1412 int fit_all_image_verify(const void *fit)
1413 {
1414 int images_noffset;
1415 int noffset;
1416 int ndepth;
1417 int count;
1418
1419 /* Find images parent node offset */
1420 images_noffset = fdt_path_offset(fit, FIT_IMAGES_PATH);
1421 if (images_noffset < 0) {
1422 printf("Can't find images parent node '%s' (%s)\n",
1423 FIT_IMAGES_PATH, fdt_strerror(images_noffset));
1424 return 0;
1425 }
1426
1427 /* Process all image subnodes, check hashes for each */
1428 printf("## Checking hash(es) for FIT Image at %08lx ...\n",
1429 (ulong)fit);
1430 for (ndepth = 0, count = 0,
1431 noffset = fdt_next_node(fit, images_noffset, &ndepth);
1432 (noffset >= 0) && (ndepth > 0);
1433 noffset = fdt_next_node(fit, noffset, &ndepth)) {
1434 if (ndepth == 1) {
1435 /*
1436 * Direct child node of the images parent node,
1437 * i.e. component image node.
1438 */
1439 printf(" Hash(es) for Image %u (%s): ", count,
1440 fit_get_name(fit, noffset, NULL));
1441 count++;
1442
1443 if (!fit_image_verify(fit, noffset))
1444 return 0;
1445 printf("\n");
1446 }
1447 }
1448 return 1;
1449 }
1450
fit_image_uncipher(const void * fit,int image_noffset,void ** data,size_t * size)1451 static int fit_image_uncipher(const void *fit, int image_noffset,
1452 void **data, size_t *size)
1453 {
1454 int cipher_noffset, ret;
1455 void *dst;
1456 size_t size_dst;
1457
1458 cipher_noffset = fdt_subnode_offset(fit, image_noffset,
1459 FIT_CIPHER_NODENAME);
1460 if (cipher_noffset < 0)
1461 return 0;
1462
1463 ret = fit_image_decrypt_data(fit, image_noffset, cipher_noffset,
1464 *data, *size, &dst, &size_dst);
1465 if (ret)
1466 goto out;
1467
1468 *data = dst;
1469 *size = size_dst;
1470
1471 out:
1472 return ret;
1473 }
1474
1475 /**
1476 * fit_image_check_os - check whether image node is of a given os type
1477 * @fit: pointer to the FIT format image header
1478 * @noffset: component image node offset
1479 * @os: requested image os
1480 *
1481 * fit_image_check_os() reads image os property and compares its numeric
1482 * id with the requested os. Comparison result is returned to the caller.
1483 *
1484 * returns:
1485 * 1 if image is of given os type
1486 * 0 otherwise (or on error)
1487 */
fit_image_check_os(const void * fit,int noffset,uint8_t os)1488 int fit_image_check_os(const void *fit, int noffset, uint8_t os)
1489 {
1490 uint8_t image_os;
1491
1492 if (fit_image_get_os(fit, noffset, &image_os))
1493 return 0;
1494 return (os == image_os);
1495 }
1496
1497 /**
1498 * fit_image_check_arch - check whether image node is of a given arch
1499 * @fit: pointer to the FIT format image header
1500 * @noffset: component image node offset
1501 * @arch: requested imagearch
1502 *
1503 * fit_image_check_arch() reads image arch property and compares its numeric
1504 * id with the requested arch. Comparison result is returned to the caller.
1505 *
1506 * returns:
1507 * 1 if image is of given arch
1508 * 0 otherwise (or on error)
1509 */
fit_image_check_arch(const void * fit,int noffset,uint8_t arch)1510 int fit_image_check_arch(const void *fit, int noffset, uint8_t arch)
1511 {
1512 uint8_t image_arch;
1513 int aarch32_support = 0;
1514
1515 /* Let's assume that sandbox can load any architecture */
1516 if (IS_ENABLED(CONFIG_SANDBOX))
1517 return true;
1518
1519 if (IS_ENABLED(CONFIG_ARM64_SUPPORT_AARCH32))
1520 aarch32_support = 1;
1521
1522 if (fit_image_get_arch(fit, noffset, &image_arch))
1523 return 0;
1524 return (arch == image_arch) ||
1525 (arch == IH_ARCH_I386 && image_arch == IH_ARCH_X86_64) ||
1526 (arch == IH_ARCH_ARM64 && image_arch == IH_ARCH_ARM &&
1527 aarch32_support);
1528 }
1529
1530 /**
1531 * fit_image_check_type - check whether image node is of a given type
1532 * @fit: pointer to the FIT format image header
1533 * @noffset: component image node offset
1534 * @type: requested image type
1535 *
1536 * fit_image_check_type() reads image type property and compares its numeric
1537 * id with the requested type. Comparison result is returned to the caller.
1538 *
1539 * returns:
1540 * 1 if image is of given type
1541 * 0 otherwise (or on error)
1542 */
fit_image_check_type(const void * fit,int noffset,uint8_t type)1543 int fit_image_check_type(const void *fit, int noffset, uint8_t type)
1544 {
1545 uint8_t image_type;
1546
1547 if (fit_image_get_type(fit, noffset, &image_type))
1548 return 0;
1549 return (type == image_type);
1550 }
1551
1552 /**
1553 * fit_image_check_comp - check whether image node uses given compression
1554 * @fit: pointer to the FIT format image header
1555 * @noffset: component image node offset
1556 * @comp: requested image compression type
1557 *
1558 * fit_image_check_comp() reads image compression property and compares its
1559 * numeric id with the requested compression type. Comparison result is
1560 * returned to the caller.
1561 *
1562 * returns:
1563 * 1 if image uses requested compression
1564 * 0 otherwise (or on error)
1565 */
fit_image_check_comp(const void * fit,int noffset,uint8_t comp)1566 int fit_image_check_comp(const void *fit, int noffset, uint8_t comp)
1567 {
1568 uint8_t image_comp;
1569
1570 if (fit_image_get_comp(fit, noffset, &image_comp))
1571 return 0;
1572 return (comp == image_comp);
1573 }
1574
1575 /**
1576 * fdt_check_no_at() - Check for nodes whose names contain '@'
1577 *
1578 * This checks the parent node and all subnodes recursively
1579 *
1580 * @fit: FIT to check
1581 * @parent: Parent node to check
1582 * @return 0 if OK, -EADDRNOTAVAIL is a node has a name containing '@'
1583 */
fdt_check_no_at(const void * fit,int parent)1584 static int fdt_check_no_at(const void *fit, int parent)
1585 {
1586 const char *name;
1587 int node;
1588 int ret;
1589
1590 name = fdt_get_name(fit, parent, NULL);
1591 if (!name || strchr(name, '@'))
1592 return -EADDRNOTAVAIL;
1593
1594 fdt_for_each_subnode(node, fit, parent) {
1595 ret = fdt_check_no_at(fit, node);
1596 if (ret)
1597 return ret;
1598 }
1599
1600 return 0;
1601 }
1602
fit_check_format(const void * fit,ulong size)1603 int fit_check_format(const void *fit, ulong size)
1604 {
1605 int ret;
1606
1607 /* A FIT image must be a valid FDT */
1608 ret = fdt_check_header(fit);
1609 if (ret) {
1610 log_debug("Wrong FIT format: not a flattened device tree (err=%d)\n",
1611 ret);
1612 return -ENOEXEC;
1613 }
1614
1615 if (CONFIG_IS_ENABLED(FIT_FULL_CHECK)) {
1616 /*
1617 * If we are not given the size, make do wtih calculating it.
1618 * This is not as secure, so we should consider a flag to
1619 * control this.
1620 */
1621 if (size == IMAGE_SIZE_INVAL)
1622 size = fdt_totalsize(fit);
1623 ret = fdt_check_full(fit, size);
1624 if (ret)
1625 ret = -EINVAL;
1626
1627 /*
1628 * U-Boot stopped using unit addressed in 2017. Since libfdt
1629 * can match nodes ignoring any unit address, signature
1630 * verification can see the wrong node if one is inserted with
1631 * the same name as a valid node but with a unit address
1632 * attached. Protect against this by disallowing unit addresses.
1633 */
1634 if (!ret && CONFIG_IS_ENABLED(FIT_SIGNATURE)) {
1635 ret = fdt_check_no_at(fit, 0);
1636
1637 if (ret) {
1638 log_debug("FIT check error %d\n", ret);
1639 return ret;
1640 }
1641 }
1642 if (ret) {
1643 log_debug("FIT check error %d\n", ret);
1644 return ret;
1645 }
1646 }
1647
1648 /* mandatory / node 'description' property */
1649 if (!fdt_getprop(fit, 0, FIT_DESC_PROP, NULL)) {
1650 log_debug("Wrong FIT format: no description\n");
1651 return -ENOMSG;
1652 }
1653
1654 if (IMAGE_ENABLE_TIMESTAMP) {
1655 /* mandatory / node 'timestamp' property */
1656 if (!fdt_getprop(fit, 0, FIT_TIMESTAMP_PROP, NULL)) {
1657 log_debug("Wrong FIT format: no timestamp\n");
1658 return -EBADMSG;
1659 }
1660 }
1661
1662 /* mandatory subimages parent '/images' node */
1663 if (fdt_path_offset(fit, FIT_IMAGES_PATH) < 0) {
1664 log_debug("Wrong FIT format: no images parent node\n");
1665 return -ENOENT;
1666 }
1667
1668 return 0;
1669 }
1670
1671 /**
1672 * fit_conf_find_compat
1673 * @fit: pointer to the FIT format image header
1674 * @fdt: pointer to the device tree to compare against
1675 *
1676 * fit_conf_find_compat() attempts to find the configuration whose fdt is the
1677 * most compatible with the passed in device tree.
1678 *
1679 * Example:
1680 *
1681 * / o image-tree
1682 * |-o images
1683 * | |-o fdt-1
1684 * | |-o fdt-2
1685 * |
1686 * |-o configurations
1687 * |-o config-1
1688 * | |-fdt = fdt-1
1689 * |
1690 * |-o config-2
1691 * |-fdt = fdt-2
1692 *
1693 * / o U-Boot fdt
1694 * |-compatible = "foo,bar", "bim,bam"
1695 *
1696 * / o kernel fdt1
1697 * |-compatible = "foo,bar",
1698 *
1699 * / o kernel fdt2
1700 * |-compatible = "bim,bam", "baz,biz"
1701 *
1702 * Configuration 1 would be picked because the first string in U-Boot's
1703 * compatible list, "foo,bar", matches a compatible string in the root of fdt1.
1704 * "bim,bam" in fdt2 matches the second string which isn't as good as fdt1.
1705 *
1706 * As an optimization, the compatible property from the FDT's root node can be
1707 * copied into the configuration node in the FIT image. This is required to
1708 * match configurations with compressed FDTs.
1709 *
1710 * returns:
1711 * offset to the configuration to use if one was found
1712 * -1 otherwise
1713 */
fit_conf_find_compat(const void * fit,const void * fdt)1714 int fit_conf_find_compat(const void *fit, const void *fdt)
1715 {
1716 int ndepth = 0;
1717 int noffset, confs_noffset, images_noffset;
1718 const void *fdt_compat;
1719 int fdt_compat_len;
1720 int best_match_offset = 0;
1721 int best_match_pos = 0;
1722
1723 confs_noffset = fdt_path_offset(fit, FIT_CONFS_PATH);
1724 images_noffset = fdt_path_offset(fit, FIT_IMAGES_PATH);
1725 if (confs_noffset < 0 || images_noffset < 0) {
1726 debug("Can't find configurations or images nodes.\n");
1727 return -1;
1728 }
1729
1730 fdt_compat = fdt_getprop(fdt, 0, "compatible", &fdt_compat_len);
1731 if (!fdt_compat) {
1732 debug("Fdt for comparison has no \"compatible\" property.\n");
1733 return -1;
1734 }
1735
1736 /*
1737 * Loop over the configurations in the FIT image.
1738 */
1739 for (noffset = fdt_next_node(fit, confs_noffset, &ndepth);
1740 (noffset >= 0) && (ndepth > 0);
1741 noffset = fdt_next_node(fit, noffset, &ndepth)) {
1742 const void *fdt;
1743 const char *kfdt_name;
1744 int kfdt_noffset, compat_noffset;
1745 const char *cur_fdt_compat;
1746 int len;
1747 size_t sz;
1748 int i;
1749
1750 if (ndepth > 1)
1751 continue;
1752
1753 /* If there's a compat property in the config node, use that. */
1754 if (fdt_getprop(fit, noffset, "compatible", NULL)) {
1755 fdt = fit; /* search in FIT image */
1756 compat_noffset = noffset; /* search under config node */
1757 } else { /* Otherwise extract it from the kernel FDT. */
1758 kfdt_name = fdt_getprop(fit, noffset, "fdt", &len);
1759 if (!kfdt_name) {
1760 debug("No fdt property found.\n");
1761 continue;
1762 }
1763 kfdt_noffset = fdt_subnode_offset(fit, images_noffset,
1764 kfdt_name);
1765 if (kfdt_noffset < 0) {
1766 debug("No image node named \"%s\" found.\n",
1767 kfdt_name);
1768 continue;
1769 }
1770
1771 if (!fit_image_check_comp(fit, kfdt_noffset,
1772 IH_COMP_NONE)) {
1773 debug("Can't extract compat from \"%s\" "
1774 "(compressed)\n", kfdt_name);
1775 continue;
1776 }
1777
1778 /* search in this config's kernel FDT */
1779 if (fit_image_get_data(fit, kfdt_noffset, &fdt, &sz)) {
1780 debug("Failed to get fdt \"%s\".\n", kfdt_name);
1781 continue;
1782 }
1783
1784 compat_noffset = 0; /* search kFDT under root node */
1785 }
1786
1787 len = fdt_compat_len;
1788 cur_fdt_compat = fdt_compat;
1789 /*
1790 * Look for a match for each U-Boot compatibility string in
1791 * turn in the compat string property.
1792 */
1793 for (i = 0; len > 0 &&
1794 (!best_match_offset || best_match_pos > i); i++) {
1795 int cur_len = strlen(cur_fdt_compat) + 1;
1796
1797 if (!fdt_node_check_compatible(fdt, compat_noffset,
1798 cur_fdt_compat)) {
1799 best_match_offset = noffset;
1800 best_match_pos = i;
1801 break;
1802 }
1803 len -= cur_len;
1804 cur_fdt_compat += cur_len;
1805 }
1806 }
1807 if (!best_match_offset) {
1808 debug("No match found.\n");
1809 return -1;
1810 }
1811
1812 return best_match_offset;
1813 }
1814
fit_conf_get_node(const void * fit,const char * conf_uname)1815 int fit_conf_get_node(const void *fit, const char *conf_uname)
1816 {
1817 int noffset, confs_noffset;
1818 int len;
1819 const char *s;
1820 char *conf_uname_copy = NULL;
1821
1822 confs_noffset = fdt_path_offset(fit, FIT_CONFS_PATH);
1823 if (confs_noffset < 0) {
1824 debug("Can't find configurations parent node '%s' (%s)\n",
1825 FIT_CONFS_PATH, fdt_strerror(confs_noffset));
1826 return confs_noffset;
1827 }
1828
1829 if (conf_uname == NULL) {
1830 /* get configuration unit name from the default property */
1831 debug("No configuration specified, trying default...\n");
1832 if (!host_build() && IS_ENABLED(CONFIG_MULTI_DTB_FIT)) {
1833 noffset = fit_find_config_node(fit);
1834 if (noffset < 0)
1835 return noffset;
1836 conf_uname = fdt_get_name(fit, noffset, NULL);
1837 } else {
1838 conf_uname = (char *)fdt_getprop(fit, confs_noffset,
1839 FIT_DEFAULT_PROP, &len);
1840 if (conf_uname == NULL) {
1841 fit_get_debug(fit, confs_noffset, FIT_DEFAULT_PROP,
1842 len);
1843 return len;
1844 }
1845 }
1846 debug("Found default configuration: '%s'\n", conf_uname);
1847 }
1848
1849 s = strchr(conf_uname, '#');
1850 if (s) {
1851 len = s - conf_uname;
1852 conf_uname_copy = malloc(len + 1);
1853 if (!conf_uname_copy) {
1854 debug("Can't allocate uname copy: '%s'\n",
1855 conf_uname);
1856 return -ENOMEM;
1857 }
1858 memcpy(conf_uname_copy, conf_uname, len);
1859 conf_uname_copy[len] = '\0';
1860 conf_uname = conf_uname_copy;
1861 }
1862
1863 noffset = fdt_subnode_offset(fit, confs_noffset, conf_uname);
1864 if (noffset < 0) {
1865 debug("Can't get node offset for configuration unit name: '%s' (%s)\n",
1866 conf_uname, fdt_strerror(noffset));
1867 }
1868
1869 if (conf_uname_copy)
1870 free(conf_uname_copy);
1871
1872 return noffset;
1873 }
1874
fit_conf_get_prop_node_count(const void * fit,int noffset,const char * prop_name)1875 int fit_conf_get_prop_node_count(const void *fit, int noffset,
1876 const char *prop_name)
1877 {
1878 return fdt_stringlist_count(fit, noffset, prop_name);
1879 }
1880
fit_conf_get_prop_node_index(const void * fit,int noffset,const char * prop_name,int index)1881 int fit_conf_get_prop_node_index(const void *fit, int noffset,
1882 const char *prop_name, int index)
1883 {
1884 const char *uname;
1885 int len;
1886
1887 /* get kernel image unit name from configuration kernel property */
1888 uname = fdt_stringlist_get(fit, noffset, prop_name, index, &len);
1889 if (uname == NULL)
1890 return len;
1891
1892 return fit_image_get_node(fit, uname);
1893 }
1894
fit_conf_get_prop_node(const void * fit,int noffset,const char * prop_name)1895 int fit_conf_get_prop_node(const void *fit, int noffset,
1896 const char *prop_name)
1897 {
1898 return fit_conf_get_prop_node_index(fit, noffset, prop_name, 0);
1899 }
1900
fit_image_select(const void * fit,int rd_noffset,int verify)1901 static int fit_image_select(const void *fit, int rd_noffset, int verify)
1902 {
1903 fit_image_print(fit, rd_noffset, " ");
1904
1905 if (verify) {
1906 puts(" Verifying Hash Integrity ... ");
1907 if (!fit_image_verify(fit, rd_noffset)) {
1908 puts("Bad Data Hash\n");
1909 return -EACCES;
1910 }
1911 puts("OK\n");
1912 }
1913
1914 return 0;
1915 }
1916
fit_get_node_from_config(bootm_headers_t * images,const char * prop_name,ulong addr)1917 int fit_get_node_from_config(bootm_headers_t *images, const char *prop_name,
1918 ulong addr)
1919 {
1920 int cfg_noffset;
1921 void *fit_hdr;
1922 int noffset;
1923
1924 debug("* %s: using config '%s' from image at 0x%08lx\n",
1925 prop_name, images->fit_uname_cfg, addr);
1926
1927 /* Check whether configuration has this property defined */
1928 fit_hdr = map_sysmem(addr, 0);
1929 cfg_noffset = fit_conf_get_node(fit_hdr, images->fit_uname_cfg);
1930 if (cfg_noffset < 0) {
1931 debug("* %s: no such config\n", prop_name);
1932 return -EINVAL;
1933 }
1934
1935 noffset = fit_conf_get_prop_node(fit_hdr, cfg_noffset, prop_name);
1936 if (noffset < 0) {
1937 debug("* %s: no '%s' in config\n", prop_name, prop_name);
1938 return -ENOENT;
1939 }
1940
1941 return noffset;
1942 }
1943
1944 /**
1945 * fit_get_image_type_property() - get property name for IH_TYPE_...
1946 *
1947 * @return the properly name where we expect to find the image in the
1948 * config node
1949 */
fit_get_image_type_property(int type)1950 static const char *fit_get_image_type_property(int type)
1951 {
1952 /*
1953 * This is sort-of available in the uimage_type[] table in image.c
1954 * but we don't have access to the short name, and "fdt" is different
1955 * anyway. So let's just keep it here.
1956 */
1957 switch (type) {
1958 case IH_TYPE_FLATDT:
1959 return FIT_FDT_PROP;
1960 case IH_TYPE_KERNEL:
1961 return FIT_KERNEL_PROP;
1962 case IH_TYPE_FIRMWARE:
1963 return FIT_FIRMWARE_PROP;
1964 case IH_TYPE_RAMDISK:
1965 return FIT_RAMDISK_PROP;
1966 case IH_TYPE_X86_SETUP:
1967 return FIT_SETUP_PROP;
1968 case IH_TYPE_LOADABLE:
1969 return FIT_LOADABLE_PROP;
1970 case IH_TYPE_FPGA:
1971 return FIT_FPGA_PROP;
1972 case IH_TYPE_STANDALONE:
1973 return FIT_STANDALONE_PROP;
1974 }
1975
1976 return "unknown";
1977 }
1978
fit_image_load(bootm_headers_t * images,ulong addr,const char ** fit_unamep,const char ** fit_uname_configp,int arch,int image_type,int bootstage_id,enum fit_load_op load_op,ulong * datap,ulong * lenp)1979 int fit_image_load(bootm_headers_t *images, ulong addr,
1980 const char **fit_unamep, const char **fit_uname_configp,
1981 int arch, int image_type, int bootstage_id,
1982 enum fit_load_op load_op, ulong *datap, ulong *lenp)
1983 {
1984 int cfg_noffset, noffset;
1985 const char *fit_uname;
1986 const char *fit_uname_config;
1987 const char *fit_base_uname_config;
1988 const void *fit;
1989 void *buf;
1990 void *loadbuf;
1991 size_t size;
1992 int type_ok, os_ok;
1993 ulong load, load_end, data, len;
1994 uint8_t os, comp;
1995 #ifndef USE_HOSTCC
1996 uint8_t os_arch;
1997 #endif
1998 const char *prop_name;
1999 int ret;
2000
2001 fit = map_sysmem(addr, 0);
2002 fit_uname = fit_unamep ? *fit_unamep : NULL;
2003 fit_uname_config = fit_uname_configp ? *fit_uname_configp : NULL;
2004 fit_base_uname_config = NULL;
2005 prop_name = fit_get_image_type_property(image_type);
2006 printf("## Loading %s from FIT Image at %08lx ...\n", prop_name, addr);
2007
2008 bootstage_mark(bootstage_id + BOOTSTAGE_SUB_FORMAT);
2009 ret = fit_check_format(fit, IMAGE_SIZE_INVAL);
2010 if (ret) {
2011 printf("Bad FIT %s image format! (err=%d)\n", prop_name, ret);
2012 if (CONFIG_IS_ENABLED(FIT_SIGNATURE) && ret == -EADDRNOTAVAIL)
2013 printf("Signature checking prevents use of unit addresses (@) in nodes\n");
2014 bootstage_error(bootstage_id + BOOTSTAGE_SUB_FORMAT);
2015 return ret;
2016 }
2017 bootstage_mark(bootstage_id + BOOTSTAGE_SUB_FORMAT_OK);
2018 if (fit_uname) {
2019 /* get FIT component image node offset */
2020 bootstage_mark(bootstage_id + BOOTSTAGE_SUB_UNIT_NAME);
2021 noffset = fit_image_get_node(fit, fit_uname);
2022 } else {
2023 /*
2024 * no image node unit name, try to get config
2025 * node first. If config unit node name is NULL
2026 * fit_conf_get_node() will try to find default config node
2027 */
2028 bootstage_mark(bootstage_id + BOOTSTAGE_SUB_NO_UNIT_NAME);
2029 if (IMAGE_ENABLE_BEST_MATCH && !fit_uname_config) {
2030 cfg_noffset = fit_conf_find_compat(fit, gd_fdt_blob());
2031 } else {
2032 cfg_noffset = fit_conf_get_node(fit,
2033 fit_uname_config);
2034 }
2035 if (cfg_noffset < 0) {
2036 puts("Could not find configuration node\n");
2037 bootstage_error(bootstage_id +
2038 BOOTSTAGE_SUB_NO_UNIT_NAME);
2039 return -ENOENT;
2040 }
2041
2042 fit_base_uname_config = fdt_get_name(fit, cfg_noffset, NULL);
2043 printf(" Using '%s' configuration\n", fit_base_uname_config);
2044 /* Remember this config */
2045 if (image_type == IH_TYPE_KERNEL)
2046 images->fit_uname_cfg = fit_base_uname_config;
2047
2048 if (FIT_IMAGE_ENABLE_VERIFY && images->verify) {
2049 puts(" Verifying Hash Integrity ... ");
2050 if (fit_config_verify(fit, cfg_noffset)) {
2051 puts("Bad Data Hash\n");
2052 bootstage_error(bootstage_id +
2053 BOOTSTAGE_SUB_HASH);
2054 return -EACCES;
2055 }
2056 puts("OK\n");
2057 }
2058
2059 bootstage_mark(BOOTSTAGE_ID_FIT_CONFIG);
2060
2061 noffset = fit_conf_get_prop_node(fit, cfg_noffset,
2062 prop_name);
2063 fit_uname = fit_get_name(fit, noffset, NULL);
2064 }
2065 if (noffset < 0) {
2066 printf("Could not find subimage node type '%s'\n", prop_name);
2067 bootstage_error(bootstage_id + BOOTSTAGE_SUB_SUBNODE);
2068 return -ENOENT;
2069 }
2070
2071 printf(" Trying '%s' %s subimage\n", fit_uname, prop_name);
2072
2073 ret = fit_image_select(fit, noffset, images->verify);
2074 if (ret) {
2075 bootstage_error(bootstage_id + BOOTSTAGE_SUB_HASH);
2076 return ret;
2077 }
2078
2079 bootstage_mark(bootstage_id + BOOTSTAGE_SUB_CHECK_ARCH);
2080 if (!host_build() && IS_ENABLED(CONFIG_SANDBOX)) {
2081 if (!fit_image_check_target_arch(fit, noffset)) {
2082 puts("Unsupported Architecture\n");
2083 bootstage_error(bootstage_id + BOOTSTAGE_SUB_CHECK_ARCH);
2084 return -ENOEXEC;
2085 }
2086 }
2087
2088 #ifndef USE_HOSTCC
2089 fit_image_get_arch(fit, noffset, &os_arch);
2090 images->os.arch = os_arch;
2091 #endif
2092
2093 bootstage_mark(bootstage_id + BOOTSTAGE_SUB_CHECK_ALL);
2094 type_ok = fit_image_check_type(fit, noffset, image_type) ||
2095 fit_image_check_type(fit, noffset, IH_TYPE_FIRMWARE) ||
2096 fit_image_check_type(fit, noffset, IH_TYPE_TEE) ||
2097 (image_type == IH_TYPE_KERNEL &&
2098 fit_image_check_type(fit, noffset, IH_TYPE_KERNEL_NOLOAD));
2099
2100 os_ok = image_type == IH_TYPE_FLATDT ||
2101 image_type == IH_TYPE_FPGA ||
2102 fit_image_check_os(fit, noffset, IH_OS_LINUX) ||
2103 fit_image_check_os(fit, noffset, IH_OS_U_BOOT) ||
2104 fit_image_check_os(fit, noffset, IH_OS_TEE) ||
2105 fit_image_check_os(fit, noffset, IH_OS_OPENRTOS) ||
2106 fit_image_check_os(fit, noffset, IH_OS_EFI) ||
2107 fit_image_check_os(fit, noffset, IH_OS_VXWORKS);
2108
2109 /*
2110 * If either of the checks fail, we should report an error, but
2111 * if the image type is coming from the "loadables" field, we
2112 * don't care what it is
2113 */
2114 if ((!type_ok || !os_ok) && image_type != IH_TYPE_LOADABLE) {
2115 fit_image_get_os(fit, noffset, &os);
2116 printf("No %s %s %s Image\n",
2117 genimg_get_os_name(os),
2118 genimg_get_arch_name(arch),
2119 genimg_get_type_name(image_type));
2120 bootstage_error(bootstage_id + BOOTSTAGE_SUB_CHECK_ALL);
2121 return -EIO;
2122 }
2123
2124 bootstage_mark(bootstage_id + BOOTSTAGE_SUB_CHECK_ALL_OK);
2125
2126 /* get image data address and length */
2127 if (fit_image_get_data_and_size(fit, noffset,
2128 (const void **)&buf, &size)) {
2129 printf("Could not find %s subimage data!\n", prop_name);
2130 bootstage_error(bootstage_id + BOOTSTAGE_SUB_GET_DATA);
2131 return -ENOENT;
2132 }
2133
2134 /* Decrypt data before uncompress/move */
2135 if (IS_ENABLED(CONFIG_FIT_CIPHER) && IMAGE_ENABLE_DECRYPT) {
2136 puts(" Decrypting Data ... ");
2137 if (fit_image_uncipher(fit, noffset, &buf, &size)) {
2138 puts("Error\n");
2139 return -EACCES;
2140 }
2141 puts("OK\n");
2142 }
2143
2144 /* perform any post-processing on the image data */
2145 if (!host_build() && IS_ENABLED(CONFIG_FIT_IMAGE_POST_PROCESS))
2146 board_fit_image_post_process(&buf, &size);
2147
2148 len = (ulong)size;
2149
2150 bootstage_mark(bootstage_id + BOOTSTAGE_SUB_GET_DATA_OK);
2151
2152 data = map_to_sysmem(buf);
2153 load = data;
2154 if (load_op == FIT_LOAD_IGNORED) {
2155 /* Don't load */
2156 } else if (fit_image_get_load(fit, noffset, &load)) {
2157 if (load_op == FIT_LOAD_REQUIRED) {
2158 printf("Can't get %s subimage load address!\n",
2159 prop_name);
2160 bootstage_error(bootstage_id + BOOTSTAGE_SUB_LOAD);
2161 return -EBADF;
2162 }
2163 } else if (load_op != FIT_LOAD_OPTIONAL_NON_ZERO || load) {
2164 ulong image_start, image_end;
2165
2166 /*
2167 * move image data to the load address,
2168 * make sure we don't overwrite initial image
2169 */
2170 image_start = addr;
2171 image_end = addr + fit_get_size(fit);
2172
2173 load_end = load + len;
2174 if (image_type != IH_TYPE_KERNEL &&
2175 load < image_end && load_end > image_start) {
2176 printf("Error: %s overwritten\n", prop_name);
2177 return -EXDEV;
2178 }
2179
2180 printf(" Loading %s from 0x%08lx to 0x%08lx\n",
2181 prop_name, data, load);
2182 } else {
2183 load = data; /* No load address specified */
2184 }
2185
2186 comp = IH_COMP_NONE;
2187 loadbuf = buf;
2188 /* Kernel images get decompressed later in bootm_load_os(). */
2189 if (!fit_image_get_comp(fit, noffset, &comp) &&
2190 comp != IH_COMP_NONE &&
2191 !(image_type == IH_TYPE_KERNEL ||
2192 image_type == IH_TYPE_KERNEL_NOLOAD ||
2193 image_type == IH_TYPE_RAMDISK)) {
2194 ulong max_decomp_len = len * 20;
2195 if (load == data) {
2196 loadbuf = malloc(max_decomp_len);
2197 load = map_to_sysmem(loadbuf);
2198 } else {
2199 loadbuf = map_sysmem(load, max_decomp_len);
2200 }
2201 if (image_decomp(comp, load, data, image_type,
2202 loadbuf, buf, len, max_decomp_len, &load_end)) {
2203 printf("Error decompressing %s\n", prop_name);
2204
2205 return -ENOEXEC;
2206 }
2207 len = load_end - load;
2208 } else if (load != data) {
2209 loadbuf = map_sysmem(load, len);
2210 memcpy(loadbuf, buf, len);
2211 }
2212
2213 if (image_type == IH_TYPE_RAMDISK && comp != IH_COMP_NONE)
2214 puts("WARNING: 'compression' nodes for ramdisks are deprecated,"
2215 " please fix your .its file!\n");
2216
2217 /* verify that image data is a proper FDT blob */
2218 if (image_type == IH_TYPE_FLATDT && fdt_check_header(loadbuf)) {
2219 puts("Subimage data is not a FDT");
2220 return -ENOEXEC;
2221 }
2222
2223 bootstage_mark(bootstage_id + BOOTSTAGE_SUB_LOAD);
2224
2225 *datap = load;
2226 *lenp = len;
2227 if (fit_unamep)
2228 *fit_unamep = (char *)fit_uname;
2229 if (fit_uname_configp)
2230 *fit_uname_configp = (char *)(fit_uname_config ? :
2231 fit_base_uname_config);
2232
2233 return noffset;
2234 }
2235
boot_get_setup_fit(bootm_headers_t * images,uint8_t arch,ulong * setup_start,ulong * setup_len)2236 int boot_get_setup_fit(bootm_headers_t *images, uint8_t arch,
2237 ulong *setup_start, ulong *setup_len)
2238 {
2239 int noffset;
2240 ulong addr;
2241 ulong len;
2242 int ret;
2243
2244 addr = map_to_sysmem(images->fit_hdr_os);
2245 noffset = fit_get_node_from_config(images, FIT_SETUP_PROP, addr);
2246 if (noffset < 0)
2247 return noffset;
2248
2249 ret = fit_image_load(images, addr, NULL, NULL, arch,
2250 IH_TYPE_X86_SETUP, BOOTSTAGE_ID_FIT_SETUP_START,
2251 FIT_LOAD_REQUIRED, setup_start, &len);
2252
2253 return ret;
2254 }
2255
2256 #ifndef USE_HOSTCC
boot_get_fdt_fit(bootm_headers_t * images,ulong addr,const char ** fit_unamep,const char ** fit_uname_configp,int arch,ulong * datap,ulong * lenp)2257 int boot_get_fdt_fit(bootm_headers_t *images, ulong addr,
2258 const char **fit_unamep, const char **fit_uname_configp,
2259 int arch, ulong *datap, ulong *lenp)
2260 {
2261 int fdt_noffset, cfg_noffset, count;
2262 const void *fit;
2263 const char *fit_uname = NULL;
2264 const char *fit_uname_config = NULL;
2265 char *fit_uname_config_copy = NULL;
2266 char *next_config = NULL;
2267 ulong load, len;
2268 #ifdef CONFIG_OF_LIBFDT_OVERLAY
2269 ulong image_start, image_end;
2270 ulong ovload, ovlen;
2271 const char *uconfig;
2272 const char *uname;
2273 void *base, *ov;
2274 int i, err, noffset, ov_noffset;
2275 #endif
2276
2277 fit_uname = fit_unamep ? *fit_unamep : NULL;
2278
2279 if (fit_uname_configp && *fit_uname_configp) {
2280 fit_uname_config_copy = strdup(*fit_uname_configp);
2281 if (!fit_uname_config_copy)
2282 return -ENOMEM;
2283
2284 next_config = strchr(fit_uname_config_copy, '#');
2285 if (next_config)
2286 *next_config++ = '\0';
2287 if (next_config - 1 > fit_uname_config_copy)
2288 fit_uname_config = fit_uname_config_copy;
2289 }
2290
2291 fdt_noffset = fit_image_load(images,
2292 addr, &fit_uname, &fit_uname_config,
2293 arch, IH_TYPE_FLATDT,
2294 BOOTSTAGE_ID_FIT_FDT_START,
2295 FIT_LOAD_OPTIONAL, &load, &len);
2296
2297 if (fdt_noffset < 0)
2298 goto out;
2299
2300 debug("fit_uname=%s, fit_uname_config=%s\n",
2301 fit_uname ? fit_uname : "<NULL>",
2302 fit_uname_config ? fit_uname_config : "<NULL>");
2303
2304 fit = map_sysmem(addr, 0);
2305
2306 cfg_noffset = fit_conf_get_node(fit, fit_uname_config);
2307
2308 /* single blob, or error just return as well */
2309 count = fit_conf_get_prop_node_count(fit, cfg_noffset, FIT_FDT_PROP);
2310 if (count <= 1 && !next_config)
2311 goto out;
2312
2313 /* we need to apply overlays */
2314
2315 #ifdef CONFIG_OF_LIBFDT_OVERLAY
2316 image_start = addr;
2317 image_end = addr + fit_get_size(fit);
2318 /* verify that relocation took place by load address not being in fit */
2319 if (load >= image_start && load < image_end) {
2320 /* check is simplified; fit load checks for overlaps */
2321 printf("Overlayed FDT requires relocation\n");
2322 fdt_noffset = -EBADF;
2323 goto out;
2324 }
2325
2326 base = map_sysmem(load, len);
2327
2328 /* apply extra configs in FIT first, followed by args */
2329 for (i = 1; ; i++) {
2330 if (i < count) {
2331 noffset = fit_conf_get_prop_node_index(fit, cfg_noffset,
2332 FIT_FDT_PROP, i);
2333 uname = fit_get_name(fit, noffset, NULL);
2334 uconfig = NULL;
2335 } else {
2336 if (!next_config)
2337 break;
2338 uconfig = next_config;
2339 next_config = strchr(next_config, '#');
2340 if (next_config)
2341 *next_config++ = '\0';
2342 uname = NULL;
2343
2344 /*
2345 * fit_image_load() would load the first FDT from the
2346 * extra config only when uconfig is specified.
2347 * Check if the extra config contains multiple FDTs and
2348 * if so, load them.
2349 */
2350 cfg_noffset = fit_conf_get_node(fit, uconfig);
2351
2352 i = 0;
2353 count = fit_conf_get_prop_node_count(fit, cfg_noffset,
2354 FIT_FDT_PROP);
2355 }
2356
2357 debug("%d: using uname=%s uconfig=%s\n", i, uname, uconfig);
2358
2359 ov_noffset = fit_image_load(images,
2360 addr, &uname, &uconfig,
2361 arch, IH_TYPE_FLATDT,
2362 BOOTSTAGE_ID_FIT_FDT_START,
2363 FIT_LOAD_REQUIRED, &ovload, &ovlen);
2364 if (ov_noffset < 0) {
2365 printf("load of %s failed\n", uname);
2366 continue;
2367 }
2368 debug("%s loaded at 0x%08lx len=0x%08lx\n",
2369 uname, ovload, ovlen);
2370 ov = map_sysmem(ovload, ovlen);
2371
2372 base = map_sysmem(load, len + ovlen);
2373 err = fdt_open_into(base, base, len + ovlen);
2374 if (err < 0) {
2375 printf("failed on fdt_open_into\n");
2376 fdt_noffset = err;
2377 goto out;
2378 }
2379 /* the verbose method prints out messages on error */
2380 err = fdt_overlay_apply_verbose(base, ov);
2381 if (err < 0) {
2382 fdt_noffset = err;
2383 goto out;
2384 }
2385 fdt_pack(base);
2386 len = fdt_totalsize(base);
2387 }
2388 #else
2389 printf("config with overlays but CONFIG_OF_LIBFDT_OVERLAY not set\n");
2390 fdt_noffset = -EBADF;
2391 #endif
2392
2393 out:
2394 if (datap)
2395 *datap = load;
2396 if (lenp)
2397 *lenp = len;
2398 if (fit_unamep)
2399 *fit_unamep = fit_uname;
2400 if (fit_uname_configp)
2401 *fit_uname_configp = fit_uname_config;
2402
2403 if (fit_uname_config_copy)
2404 free(fit_uname_config_copy);
2405 return fdt_noffset;
2406 }
2407 #endif
2408