1 // SPDX-License-Identifier: GPL-2.0+
2 /*
3 * Copyright (c) 2013, Google Inc.
4 *
5 * (C) Copyright 2008 Semihalf
6 *
7 * (C) Copyright 2000-2006
8 * Wolfgang Denk, DENX Software Engineering, wd@denx.de.
9 */
10
11 #define LOG_CATEGORY LOGC_BOOT
12
13 #ifdef USE_HOSTCC
14 #include "mkimage.h"
15 #include <time.h>
16 #include <linux/libfdt.h>
17 #include <u-boot/crc.h>
18 #else
19 #include <linux/compiler.h>
20 #include <common.h>
21 #include <errno.h>
22 #include <log.h>
23 #include <mapmem.h>
24 #include <asm/io.h>
25 #include <malloc.h>
26 #include <asm/global_data.h>
27 DECLARE_GLOBAL_DATA_PTR;
28 #endif /* !USE_HOSTCC*/
29
30 #include <bootm.h>
31 #include <image.h>
32 #include <bootstage.h>
33 #include <linux/kconfig.h>
34 #include <u-boot/crc.h>
35 #include <u-boot/md5.h>
36 #include <u-boot/sha1.h>
37 #include <u-boot/sha256.h>
38 #include <u-boot/sha512.h>
39
40 /*****************************************************************************/
41 /* New uImage format routines */
42 /*****************************************************************************/
43 #ifndef USE_HOSTCC
fit_parse_spec(const char * spec,char sepc,ulong addr_curr,ulong * addr,const char ** name)44 static int fit_parse_spec(const char *spec, char sepc, ulong addr_curr,
45 ulong *addr, const char **name)
46 {
47 const char *sep;
48
49 *addr = addr_curr;
50 *name = NULL;
51
52 sep = strchr(spec, sepc);
53 if (sep) {
54 if (sep - spec > 0)
55 *addr = simple_strtoul(spec, NULL, 16);
56
57 *name = sep + 1;
58 return 1;
59 }
60
61 return 0;
62 }
63
64 /**
65 * fit_parse_conf - parse FIT configuration spec
66 * @spec: input string, containing configuration spec
67 * @add_curr: current image address (to be used as a possible default)
68 * @addr: pointer to a ulong variable, will hold FIT image address of a given
69 * configuration
70 * @conf_name double pointer to a char, will hold pointer to a configuration
71 * unit name
72 *
73 * fit_parse_conf() expects configuration spec in the form of [<addr>]#<conf>,
74 * where <addr> is a FIT image address that contains configuration
75 * with a <conf> unit name.
76 *
77 * Address part is optional, and if omitted default add_curr will
78 * be used instead.
79 *
80 * returns:
81 * 1 if spec is a valid configuration string,
82 * addr and conf_name are set accordingly
83 * 0 otherwise
84 */
fit_parse_conf(const char * spec,ulong addr_curr,ulong * addr,const char ** conf_name)85 int fit_parse_conf(const char *spec, ulong addr_curr,
86 ulong *addr, const char **conf_name)
87 {
88 return fit_parse_spec(spec, '#', addr_curr, addr, conf_name);
89 }
90
91 /**
92 * fit_parse_subimage - parse FIT subimage spec
93 * @spec: input string, containing subimage spec
94 * @add_curr: current image address (to be used as a possible default)
95 * @addr: pointer to a ulong variable, will hold FIT image address of a given
96 * subimage
97 * @image_name: double pointer to a char, will hold pointer to a subimage name
98 *
99 * fit_parse_subimage() expects subimage spec in the form of
100 * [<addr>]:<subimage>, where <addr> is a FIT image address that contains
101 * subimage with a <subimg> unit name.
102 *
103 * Address part is optional, and if omitted default add_curr will
104 * be used instead.
105 *
106 * returns:
107 * 1 if spec is a valid subimage string,
108 * addr and image_name are set accordingly
109 * 0 otherwise
110 */
fit_parse_subimage(const char * spec,ulong addr_curr,ulong * addr,const char ** image_name)111 int fit_parse_subimage(const char *spec, ulong addr_curr,
112 ulong *addr, const char **image_name)
113 {
114 return fit_parse_spec(spec, ':', addr_curr, addr, image_name);
115 }
116 #endif /* !USE_HOSTCC */
117
118 #ifdef USE_HOSTCC
119 /* Host tools use these implementations for Cipher and Signature support */
120 static void *host_blob;
121
image_set_host_blob(void * blob)122 void image_set_host_blob(void *blob)
123 {
124 host_blob = blob;
125 }
126
image_get_host_blob(void)127 void *image_get_host_blob(void)
128 {
129 return host_blob;
130 }
131 #endif /* USE_HOSTCC */
132
fit_get_debug(const void * fit,int noffset,char * prop_name,int err)133 static void fit_get_debug(const void *fit, int noffset,
134 char *prop_name, int err)
135 {
136 debug("Can't get '%s' property from FIT 0x%08lx, node: offset %d, name %s (%s)\n",
137 prop_name, (ulong)fit, noffset, fit_get_name(fit, noffset, NULL),
138 fdt_strerror(err));
139 }
140
141 /**
142 * fit_get_subimage_count - get component (sub-image) count
143 * @fit: pointer to the FIT format image header
144 * @images_noffset: offset of images node
145 *
146 * returns:
147 * number of image components
148 */
fit_get_subimage_count(const void * fit,int images_noffset)149 int fit_get_subimage_count(const void *fit, int images_noffset)
150 {
151 int noffset;
152 int ndepth;
153 int count = 0;
154
155 /* Process its subnodes, print out component images details */
156 for (ndepth = 0, count = 0,
157 noffset = fdt_next_node(fit, images_noffset, &ndepth);
158 (noffset >= 0) && (ndepth > 0);
159 noffset = fdt_next_node(fit, noffset, &ndepth)) {
160 if (ndepth == 1) {
161 count++;
162 }
163 }
164
165 return count;
166 }
167
168 #if CONFIG_IS_ENABLED(FIT_PRINT) || CONFIG_IS_ENABLED(SPL_FIT_PRINT)
169 /**
170 * fit_image_print_data() - prints out the hash node details
171 * @fit: pointer to the FIT format image header
172 * @noffset: offset of the hash node
173 * @p: pointer to prefix string
174 * @type: Type of information to print ("hash" or "sign")
175 *
176 * fit_image_print_data() lists properties for the processed hash node
177 *
178 * This function avoid using puts() since it prints a newline on the host
179 * but does not in U-Boot.
180 *
181 * returns:
182 * no returned results
183 */
fit_image_print_data(const void * fit,int noffset,const char * p,const char * type)184 static void fit_image_print_data(const void *fit, int noffset, const char *p,
185 const char *type)
186 {
187 const char *keyname;
188 uint8_t *value;
189 int value_len;
190 char *algo;
191 const char *padding;
192 bool required;
193 int ret, i;
194
195 debug("%s %s node: '%s'\n", p, type,
196 fit_get_name(fit, noffset, NULL));
197 printf("%s %s algo: ", p, type);
198 if (fit_image_hash_get_algo(fit, noffset, &algo)) {
199 printf("invalid/unsupported\n");
200 return;
201 }
202 printf("%s", algo);
203 keyname = fdt_getprop(fit, noffset, FIT_KEY_HINT, NULL);
204 required = fdt_getprop(fit, noffset, FIT_KEY_REQUIRED, NULL) != NULL;
205 if (keyname)
206 printf(":%s", keyname);
207 if (required)
208 printf(" (required)");
209 printf("\n");
210
211 padding = fdt_getprop(fit, noffset, "padding", NULL);
212 if (padding)
213 printf("%s %s padding: %s\n", p, type, padding);
214
215 ret = fit_image_hash_get_value(fit, noffset, &value,
216 &value_len);
217 printf("%s %s value: ", p, type);
218 if (ret) {
219 printf("unavailable\n");
220 } else {
221 for (i = 0; i < value_len; i++)
222 printf("%02x", value[i]);
223 printf("\n");
224 }
225
226 debug("%s %s len: %d\n", p, type, value_len);
227
228 /* Signatures have a time stamp */
229 if (IMAGE_ENABLE_TIMESTAMP && keyname) {
230 time_t timestamp;
231
232 printf("%s Timestamp: ", p);
233 if (fit_get_timestamp(fit, noffset, ×tamp))
234 printf("unavailable\n");
235 else
236 genimg_print_time(timestamp);
237 }
238 }
239
240 /**
241 * fit_image_print_verification_data() - prints out the hash/signature details
242 * @fit: pointer to the FIT format image header
243 * @noffset: offset of the hash or signature node
244 * @p: pointer to prefix string
245 *
246 * This lists properties for the processed hash node
247 *
248 * returns:
249 * no returned results
250 */
fit_image_print_verification_data(const void * fit,int noffset,const char * p)251 static void fit_image_print_verification_data(const void *fit, int noffset,
252 const char *p)
253 {
254 const char *name;
255
256 /*
257 * Check subnode name, must be equal to "hash" or "signature".
258 * Multiple hash/signature nodes require unique unit node
259 * names, e.g. hash-1, hash-2, signature-1, signature-2, etc.
260 */
261 name = fit_get_name(fit, noffset, NULL);
262 if (!strncmp(name, FIT_HASH_NODENAME, strlen(FIT_HASH_NODENAME))) {
263 fit_image_print_data(fit, noffset, p, "Hash");
264 } else if (!strncmp(name, FIT_SIG_NODENAME,
265 strlen(FIT_SIG_NODENAME))) {
266 fit_image_print_data(fit, noffset, p, "Sign");
267 }
268 }
269
270 /**
271 * fit_conf_print - prints out the FIT configuration details
272 * @fit: pointer to the FIT format image header
273 * @noffset: offset of the configuration node
274 * @p: pointer to prefix string
275 *
276 * fit_conf_print() lists all mandatory properties for the processed
277 * configuration node.
278 *
279 * returns:
280 * no returned results
281 */
fit_conf_print(const void * fit,int noffset,const char * p)282 static void fit_conf_print(const void *fit, int noffset, const char *p)
283 {
284 char *desc;
285 const char *uname;
286 int ret;
287 int fdt_index, loadables_index;
288 int ndepth;
289
290 /* Mandatory properties */
291 ret = fit_get_desc(fit, noffset, &desc);
292 printf("%s Description: ", p);
293 if (ret)
294 printf("unavailable\n");
295 else
296 printf("%s\n", desc);
297
298 uname = fdt_getprop(fit, noffset, FIT_KERNEL_PROP, NULL);
299 printf("%s Kernel: ", p);
300 if (!uname)
301 printf("unavailable\n");
302 else
303 printf("%s\n", uname);
304
305 /* Optional properties */
306 uname = fdt_getprop(fit, noffset, FIT_RAMDISK_PROP, NULL);
307 if (uname)
308 printf("%s Init Ramdisk: %s\n", p, uname);
309
310 uname = fdt_getprop(fit, noffset, FIT_FIRMWARE_PROP, NULL);
311 if (uname)
312 printf("%s Firmware: %s\n", p, uname);
313
314 for (fdt_index = 0;
315 uname = fdt_stringlist_get(fit, noffset, FIT_FDT_PROP,
316 fdt_index, NULL), uname;
317 fdt_index++) {
318 if (fdt_index == 0)
319 printf("%s FDT: ", p);
320 else
321 printf("%s ", p);
322 printf("%s\n", uname);
323 }
324
325 uname = fdt_getprop(fit, noffset, FIT_FPGA_PROP, NULL);
326 if (uname)
327 printf("%s FPGA: %s\n", p, uname);
328
329 /* Print out all of the specified loadables */
330 for (loadables_index = 0;
331 uname = fdt_stringlist_get(fit, noffset, FIT_LOADABLE_PROP,
332 loadables_index, NULL), uname;
333 loadables_index++) {
334 if (loadables_index == 0) {
335 printf("%s Loadables: ", p);
336 } else {
337 printf("%s ", p);
338 }
339 printf("%s\n", uname);
340 }
341
342 /* Process all hash subnodes of the component configuration node */
343 for (ndepth = 0, noffset = fdt_next_node(fit, noffset, &ndepth);
344 (noffset >= 0) && (ndepth > 0);
345 noffset = fdt_next_node(fit, noffset, &ndepth)) {
346 if (ndepth == 1) {
347 /* Direct child node of the component configuration node */
348 fit_image_print_verification_data(fit, noffset, p);
349 }
350 }
351 }
352
353 /**
354 * fit_print_contents - prints out the contents of the FIT format image
355 * @fit: pointer to the FIT format image header
356 * @p: pointer to prefix string
357 *
358 * fit_print_contents() formats a multi line FIT image contents description.
359 * The routine prints out FIT image properties (root node level) followed by
360 * the details of each component image.
361 *
362 * returns:
363 * no returned results
364 */
fit_print_contents(const void * fit)365 void fit_print_contents(const void *fit)
366 {
367 char *desc;
368 char *uname;
369 int images_noffset;
370 int confs_noffset;
371 int noffset;
372 int ndepth;
373 int count = 0;
374 int ret;
375 const char *p;
376 time_t timestamp;
377
378 /* Indent string is defined in header image.h */
379 p = IMAGE_INDENT_STRING;
380
381 /* Root node properties */
382 ret = fit_get_desc(fit, 0, &desc);
383 printf("%sFIT description: ", p);
384 if (ret)
385 printf("unavailable\n");
386 else
387 printf("%s\n", desc);
388
389 if (IMAGE_ENABLE_TIMESTAMP) {
390 ret = fit_get_timestamp(fit, 0, ×tamp);
391 printf("%sCreated: ", p);
392 if (ret)
393 printf("unavailable\n");
394 else
395 genimg_print_time(timestamp);
396 }
397
398 /* Find images parent node offset */
399 images_noffset = fdt_path_offset(fit, FIT_IMAGES_PATH);
400 if (images_noffset < 0) {
401 printf("Can't find images parent node '%s' (%s)\n",
402 FIT_IMAGES_PATH, fdt_strerror(images_noffset));
403 return;
404 }
405
406 /* Process its subnodes, print out component images details */
407 for (ndepth = 0, count = 0,
408 noffset = fdt_next_node(fit, images_noffset, &ndepth);
409 (noffset >= 0) && (ndepth > 0);
410 noffset = fdt_next_node(fit, noffset, &ndepth)) {
411 if (ndepth == 1) {
412 /*
413 * Direct child node of the images parent node,
414 * i.e. component image node.
415 */
416 printf("%s Image %u (%s)\n", p, count++,
417 fit_get_name(fit, noffset, NULL));
418
419 fit_image_print(fit, noffset, p);
420 }
421 }
422
423 /* Find configurations parent node offset */
424 confs_noffset = fdt_path_offset(fit, FIT_CONFS_PATH);
425 if (confs_noffset < 0) {
426 debug("Can't get configurations parent node '%s' (%s)\n",
427 FIT_CONFS_PATH, fdt_strerror(confs_noffset));
428 return;
429 }
430
431 /* get default configuration unit name from default property */
432 uname = (char *)fdt_getprop(fit, noffset, FIT_DEFAULT_PROP, NULL);
433 if (uname)
434 printf("%s Default Configuration: '%s'\n", p, uname);
435
436 /* Process its subnodes, print out configurations details */
437 for (ndepth = 0, count = 0,
438 noffset = fdt_next_node(fit, confs_noffset, &ndepth);
439 (noffset >= 0) && (ndepth > 0);
440 noffset = fdt_next_node(fit, noffset, &ndepth)) {
441 if (ndepth == 1) {
442 /*
443 * Direct child node of the configurations parent node,
444 * i.e. configuration node.
445 */
446 printf("%s Configuration %u (%s)\n", p, count++,
447 fit_get_name(fit, noffset, NULL));
448
449 fit_conf_print(fit, noffset, p);
450 }
451 }
452 }
453
454 /**
455 * fit_image_print - prints out the FIT component image details
456 * @fit: pointer to the FIT format image header
457 * @image_noffset: offset of the component image node
458 * @p: pointer to prefix string
459 *
460 * fit_image_print() lists all mandatory properties for the processed component
461 * image. If present, hash nodes are printed out as well. Load
462 * address for images of type firmware is also printed out. Since the load
463 * address is not mandatory for firmware images, it will be output as
464 * "unavailable" when not present.
465 *
466 * returns:
467 * no returned results
468 */
fit_image_print(const void * fit,int image_noffset,const char * p)469 void fit_image_print(const void *fit, int image_noffset, const char *p)
470 {
471 char *desc;
472 uint8_t type, arch, os, comp;
473 size_t size;
474 ulong load, entry;
475 const void *data;
476 int noffset;
477 int ndepth;
478 int ret;
479
480 /* Mandatory properties */
481 ret = fit_get_desc(fit, image_noffset, &desc);
482 printf("%s Description: ", p);
483 if (ret)
484 printf("unavailable\n");
485 else
486 printf("%s\n", desc);
487
488 if (IMAGE_ENABLE_TIMESTAMP) {
489 time_t timestamp;
490
491 ret = fit_get_timestamp(fit, 0, ×tamp);
492 printf("%s Created: ", p);
493 if (ret)
494 printf("unavailable\n");
495 else
496 genimg_print_time(timestamp);
497 }
498
499 fit_image_get_type(fit, image_noffset, &type);
500 printf("%s Type: %s\n", p, genimg_get_type_name(type));
501
502 fit_image_get_comp(fit, image_noffset, &comp);
503 printf("%s Compression: %s\n", p, genimg_get_comp_name(comp));
504
505 ret = fit_image_get_data_and_size(fit, image_noffset, &data, &size);
506
507 if (!host_build()) {
508 printf("%s Data Start: ", p);
509 if (ret) {
510 printf("unavailable\n");
511 } else {
512 void *vdata = (void *)data;
513
514 printf("0x%08lx\n", (ulong)map_to_sysmem(vdata));
515 }
516 }
517
518 printf("%s Data Size: ", p);
519 if (ret)
520 printf("unavailable\n");
521 else
522 genimg_print_size(size);
523
524 /* Remaining, type dependent properties */
525 if ((type == IH_TYPE_KERNEL) || (type == IH_TYPE_STANDALONE) ||
526 (type == IH_TYPE_RAMDISK) || (type == IH_TYPE_FIRMWARE) ||
527 (type == IH_TYPE_FLATDT)) {
528 fit_image_get_arch(fit, image_noffset, &arch);
529 printf("%s Architecture: %s\n", p, genimg_get_arch_name(arch));
530 }
531
532 if ((type == IH_TYPE_KERNEL) || (type == IH_TYPE_RAMDISK) ||
533 (type == IH_TYPE_FIRMWARE)) {
534 fit_image_get_os(fit, image_noffset, &os);
535 printf("%s OS: %s\n", p, genimg_get_os_name(os));
536 }
537
538 if ((type == IH_TYPE_KERNEL) || (type == IH_TYPE_STANDALONE) ||
539 (type == IH_TYPE_FIRMWARE) || (type == IH_TYPE_RAMDISK) ||
540 (type == IH_TYPE_FPGA)) {
541 ret = fit_image_get_load(fit, image_noffset, &load);
542 printf("%s Load Address: ", p);
543 if (ret)
544 printf("unavailable\n");
545 else
546 printf("0x%08lx\n", load);
547 }
548
549 /* optional load address for FDT */
550 if (type == IH_TYPE_FLATDT && !fit_image_get_load(fit, image_noffset, &load))
551 printf("%s Load Address: 0x%08lx\n", p, load);
552
553 if ((type == IH_TYPE_KERNEL) || (type == IH_TYPE_STANDALONE) ||
554 (type == IH_TYPE_RAMDISK)) {
555 ret = fit_image_get_entry(fit, image_noffset, &entry);
556 printf("%s Entry Point: ", p);
557 if (ret)
558 printf("unavailable\n");
559 else
560 printf("0x%08lx\n", entry);
561 }
562
563 /* Process all hash subnodes of the component image node */
564 for (ndepth = 0, noffset = fdt_next_node(fit, image_noffset, &ndepth);
565 (noffset >= 0) && (ndepth > 0);
566 noffset = fdt_next_node(fit, noffset, &ndepth)) {
567 if (ndepth == 1) {
568 /* Direct child node of the component image node */
569 fit_image_print_verification_data(fit, noffset, p);
570 }
571 }
572 }
573 #else
fit_print_contents(const void * fit)574 void fit_print_contents(const void *fit) { }
fit_image_print(const void * fit,int image_noffset,const char * p)575 void fit_image_print(const void *fit, int image_noffset, const char *p) { }
576 #endif /* CONFIG_IS_ENABLED(FIR_PRINT) || CONFIG_IS_ENABLED(SPL_FIT_PRINT) */
577
578 /**
579 * fit_get_desc - get node description property
580 * @fit: pointer to the FIT format image header
581 * @noffset: node offset
582 * @desc: double pointer to the char, will hold pointer to the description
583 *
584 * fit_get_desc() reads description property from a given node, if
585 * description is found pointer to it is returned in third call argument.
586 *
587 * returns:
588 * 0, on success
589 * -1, on failure
590 */
fit_get_desc(const void * fit,int noffset,char ** desc)591 int fit_get_desc(const void *fit, int noffset, char **desc)
592 {
593 int len;
594
595 *desc = (char *)fdt_getprop(fit, noffset, FIT_DESC_PROP, &len);
596 if (*desc == NULL) {
597 fit_get_debug(fit, noffset, FIT_DESC_PROP, len);
598 return -1;
599 }
600
601 return 0;
602 }
603
604 /**
605 * fit_get_timestamp - get node timestamp property
606 * @fit: pointer to the FIT format image header
607 * @noffset: node offset
608 * @timestamp: pointer to the time_t, will hold read timestamp
609 *
610 * fit_get_timestamp() reads timestamp property from given node, if timestamp
611 * is found and has a correct size its value is returned in third call
612 * argument.
613 *
614 * returns:
615 * 0, on success
616 * -1, on property read failure
617 * -2, on wrong timestamp size
618 */
fit_get_timestamp(const void * fit,int noffset,time_t * timestamp)619 int fit_get_timestamp(const void *fit, int noffset, time_t *timestamp)
620 {
621 int len;
622 const void *data;
623
624 data = fdt_getprop(fit, noffset, FIT_TIMESTAMP_PROP, &len);
625 if (data == NULL) {
626 fit_get_debug(fit, noffset, FIT_TIMESTAMP_PROP, len);
627 return -1;
628 }
629 if (len != sizeof(uint32_t)) {
630 debug("FIT timestamp with incorrect size of (%u)\n", len);
631 return -2;
632 }
633
634 *timestamp = uimage_to_cpu(*((uint32_t *)data));
635 return 0;
636 }
637
638 /**
639 * fit_image_get_node - get node offset for component image of a given unit name
640 * @fit: pointer to the FIT format image header
641 * @image_uname: component image node unit name
642 *
643 * fit_image_get_node() finds a component image (within the '/images'
644 * node) of a provided unit name. If image is found its node offset is
645 * returned to the caller.
646 *
647 * returns:
648 * image node offset when found (>=0)
649 * negative number on failure (FDT_ERR_* code)
650 */
fit_image_get_node(const void * fit,const char * image_uname)651 int fit_image_get_node(const void *fit, const char *image_uname)
652 {
653 int noffset, images_noffset;
654
655 images_noffset = fdt_path_offset(fit, FIT_IMAGES_PATH);
656 if (images_noffset < 0) {
657 debug("Can't find images parent node '%s' (%s)\n",
658 FIT_IMAGES_PATH, fdt_strerror(images_noffset));
659 return images_noffset;
660 }
661
662 noffset = fdt_subnode_offset(fit, images_noffset, image_uname);
663 if (noffset < 0) {
664 debug("Can't get node offset for image unit name: '%s' (%s)\n",
665 image_uname, fdt_strerror(noffset));
666 }
667
668 return noffset;
669 }
670
671 /**
672 * fit_image_get_os - get os id for a given component image node
673 * @fit: pointer to the FIT format image header
674 * @noffset: component image node offset
675 * @os: pointer to the uint8_t, will hold os numeric id
676 *
677 * fit_image_get_os() finds os property in a given component image node.
678 * If the property is found, its (string) value is translated to the numeric
679 * id which is returned to the caller.
680 *
681 * returns:
682 * 0, on success
683 * -1, on failure
684 */
fit_image_get_os(const void * fit,int noffset,uint8_t * os)685 int fit_image_get_os(const void *fit, int noffset, uint8_t *os)
686 {
687 int len;
688 const void *data;
689
690 /* Get OS name from property data */
691 data = fdt_getprop(fit, noffset, FIT_OS_PROP, &len);
692 if (data == NULL) {
693 fit_get_debug(fit, noffset, FIT_OS_PROP, len);
694 *os = -1;
695 return -1;
696 }
697
698 /* Translate OS name to id */
699 *os = genimg_get_os_id(data);
700 return 0;
701 }
702
703 /**
704 * fit_image_get_arch - get arch id for a given component image node
705 * @fit: pointer to the FIT format image header
706 * @noffset: component image node offset
707 * @arch: pointer to the uint8_t, will hold arch numeric id
708 *
709 * fit_image_get_arch() finds arch property in a given component image node.
710 * If the property is found, its (string) value is translated to the numeric
711 * id which is returned to the caller.
712 *
713 * returns:
714 * 0, on success
715 * -1, on failure
716 */
fit_image_get_arch(const void * fit,int noffset,uint8_t * arch)717 int fit_image_get_arch(const void *fit, int noffset, uint8_t *arch)
718 {
719 int len;
720 const void *data;
721
722 /* Get architecture name from property data */
723 data = fdt_getprop(fit, noffset, FIT_ARCH_PROP, &len);
724 if (data == NULL) {
725 fit_get_debug(fit, noffset, FIT_ARCH_PROP, len);
726 *arch = -1;
727 return -1;
728 }
729
730 /* Translate architecture name to id */
731 *arch = genimg_get_arch_id(data);
732 return 0;
733 }
734
735 /**
736 * fit_image_get_type - get type id for a given component image node
737 * @fit: pointer to the FIT format image header
738 * @noffset: component image node offset
739 * @type: pointer to the uint8_t, will hold type numeric id
740 *
741 * fit_image_get_type() finds type property in a given component image node.
742 * If the property is found, its (string) value is translated to the numeric
743 * id which is returned to the caller.
744 *
745 * returns:
746 * 0, on success
747 * -1, on failure
748 */
fit_image_get_type(const void * fit,int noffset,uint8_t * type)749 int fit_image_get_type(const void *fit, int noffset, uint8_t *type)
750 {
751 int len;
752 const void *data;
753
754 /* Get image type name from property data */
755 data = fdt_getprop(fit, noffset, FIT_TYPE_PROP, &len);
756 if (data == NULL) {
757 fit_get_debug(fit, noffset, FIT_TYPE_PROP, len);
758 *type = -1;
759 return -1;
760 }
761
762 /* Translate image type name to id */
763 *type = genimg_get_type_id(data);
764 return 0;
765 }
766
767 /**
768 * fit_image_get_comp - get comp id for a given component image node
769 * @fit: pointer to the FIT format image header
770 * @noffset: component image node offset
771 * @comp: pointer to the uint8_t, will hold comp numeric id
772 *
773 * fit_image_get_comp() finds comp property in a given component image node.
774 * If the property is found, its (string) value is translated to the numeric
775 * id which is returned to the caller.
776 *
777 * returns:
778 * 0, on success
779 * -1, on failure
780 */
fit_image_get_comp(const void * fit,int noffset,uint8_t * comp)781 int fit_image_get_comp(const void *fit, int noffset, uint8_t *comp)
782 {
783 int len;
784 const void *data;
785
786 /* Get compression name from property data */
787 data = fdt_getprop(fit, noffset, FIT_COMP_PROP, &len);
788 if (data == NULL) {
789 fit_get_debug(fit, noffset, FIT_COMP_PROP, len);
790 *comp = -1;
791 return -1;
792 }
793
794 /* Translate compression name to id */
795 *comp = genimg_get_comp_id(data);
796 return 0;
797 }
798
fit_image_get_address(const void * fit,int noffset,char * name,ulong * load)799 static int fit_image_get_address(const void *fit, int noffset, char *name,
800 ulong *load)
801 {
802 int len, cell_len;
803 const fdt32_t *cell;
804 uint64_t load64 = 0;
805
806 cell = fdt_getprop(fit, noffset, name, &len);
807 if (cell == NULL) {
808 fit_get_debug(fit, noffset, name, len);
809 return -1;
810 }
811
812 cell_len = len >> 2;
813 /* Use load64 to avoid compiling warning for 32-bit target */
814 while (cell_len--) {
815 load64 = (load64 << 32) | uimage_to_cpu(*cell);
816 cell++;
817 }
818
819 if (len > sizeof(ulong) && (uint32_t)(load64 >> 32)) {
820 printf("Unsupported %s address size\n", name);
821 return -1;
822 }
823
824 *load = (ulong)load64;
825
826 return 0;
827 }
828 /**
829 * fit_image_get_load() - get load addr property for given component image node
830 * @fit: pointer to the FIT format image header
831 * @noffset: component image node offset
832 * @load: pointer to the uint32_t, will hold load address
833 *
834 * fit_image_get_load() finds load address property in a given component
835 * image node. If the property is found, its value is returned to the caller.
836 *
837 * returns:
838 * 0, on success
839 * -1, on failure
840 */
fit_image_get_load(const void * fit,int noffset,ulong * load)841 int fit_image_get_load(const void *fit, int noffset, ulong *load)
842 {
843 return fit_image_get_address(fit, noffset, FIT_LOAD_PROP, load);
844 }
845
846 /**
847 * fit_image_get_entry() - get entry point address property
848 * @fit: pointer to the FIT format image header
849 * @noffset: component image node offset
850 * @entry: pointer to the uint32_t, will hold entry point address
851 *
852 * This gets the entry point address property for a given component image
853 * node.
854 *
855 * fit_image_get_entry() finds entry point address property in a given
856 * component image node. If the property is found, its value is returned
857 * to the caller.
858 *
859 * returns:
860 * 0, on success
861 * -1, on failure
862 */
fit_image_get_entry(const void * fit,int noffset,ulong * entry)863 int fit_image_get_entry(const void *fit, int noffset, ulong *entry)
864 {
865 return fit_image_get_address(fit, noffset, FIT_ENTRY_PROP, entry);
866 }
867
868 /**
869 * fit_image_get_data - get data property and its size for a given component image node
870 * @fit: pointer to the FIT format image header
871 * @noffset: component image node offset
872 * @data: double pointer to void, will hold data property's data address
873 * @size: pointer to size_t, will hold data property's data size
874 *
875 * fit_image_get_data() finds data property in a given component image node.
876 * If the property is found its data start address and size are returned to
877 * the caller.
878 *
879 * returns:
880 * 0, on success
881 * -1, on failure
882 */
fit_image_get_data(const void * fit,int noffset,const void ** data,size_t * size)883 int fit_image_get_data(const void *fit, int noffset,
884 const void **data, size_t *size)
885 {
886 int len;
887
888 *data = fdt_getprop(fit, noffset, FIT_DATA_PROP, &len);
889 if (*data == NULL) {
890 fit_get_debug(fit, noffset, FIT_DATA_PROP, len);
891 *size = 0;
892 return -1;
893 }
894
895 *size = len;
896 return 0;
897 }
898
899 /**
900 * Get 'data-offset' property from a given image node.
901 *
902 * @fit: pointer to the FIT image header
903 * @noffset: component image node offset
904 * @data_offset: holds the data-offset property
905 *
906 * returns:
907 * 0, on success
908 * -ENOENT if the property could not be found
909 */
fit_image_get_data_offset(const void * fit,int noffset,int * data_offset)910 int fit_image_get_data_offset(const void *fit, int noffset, int *data_offset)
911 {
912 const fdt32_t *val;
913
914 val = fdt_getprop(fit, noffset, FIT_DATA_OFFSET_PROP, NULL);
915 if (!val)
916 return -ENOENT;
917
918 *data_offset = fdt32_to_cpu(*val);
919
920 return 0;
921 }
922
923 /**
924 * Get 'data-position' property from a given image node.
925 *
926 * @fit: pointer to the FIT image header
927 * @noffset: component image node offset
928 * @data_position: holds the data-position property
929 *
930 * returns:
931 * 0, on success
932 * -ENOENT if the property could not be found
933 */
fit_image_get_data_position(const void * fit,int noffset,int * data_position)934 int fit_image_get_data_position(const void *fit, int noffset,
935 int *data_position)
936 {
937 const fdt32_t *val;
938
939 val = fdt_getprop(fit, noffset, FIT_DATA_POSITION_PROP, NULL);
940 if (!val)
941 return -ENOENT;
942
943 *data_position = fdt32_to_cpu(*val);
944
945 return 0;
946 }
947
948 /**
949 * Get 'data-size' property from a given image node.
950 *
951 * @fit: pointer to the FIT image header
952 * @noffset: component image node offset
953 * @data_size: holds the data-size property
954 *
955 * returns:
956 * 0, on success
957 * -ENOENT if the property could not be found
958 */
fit_image_get_data_size(const void * fit,int noffset,int * data_size)959 int fit_image_get_data_size(const void *fit, int noffset, int *data_size)
960 {
961 const fdt32_t *val;
962
963 val = fdt_getprop(fit, noffset, FIT_DATA_SIZE_PROP, NULL);
964 if (!val)
965 return -ENOENT;
966
967 *data_size = fdt32_to_cpu(*val);
968
969 return 0;
970 }
971
972 /**
973 * Get 'data-size-unciphered' property from a given image node.
974 *
975 * @fit: pointer to the FIT image header
976 * @noffset: component image node offset
977 * @data_size: holds the data-size property
978 *
979 * returns:
980 * 0, on success
981 * -ENOENT if the property could not be found
982 */
fit_image_get_data_size_unciphered(const void * fit,int noffset,size_t * data_size)983 int fit_image_get_data_size_unciphered(const void *fit, int noffset,
984 size_t *data_size)
985 {
986 const fdt32_t *val;
987
988 val = fdt_getprop(fit, noffset, "data-size-unciphered", NULL);
989 if (!val)
990 return -ENOENT;
991
992 *data_size = (size_t)fdt32_to_cpu(*val);
993
994 return 0;
995 }
996
997 /**
998 * fit_image_get_data_and_size - get data and its size including
999 * both embedded and external data
1000 * @fit: pointer to the FIT format image header
1001 * @noffset: component image node offset
1002 * @data: double pointer to void, will hold data property's data address
1003 * @size: pointer to size_t, will hold data property's data size
1004 *
1005 * fit_image_get_data_and_size() finds data and its size including
1006 * both embedded and external data. If the property is found
1007 * its data start address and size are returned to the caller.
1008 *
1009 * returns:
1010 * 0, on success
1011 * otherwise, on failure
1012 */
fit_image_get_data_and_size(const void * fit,int noffset,const void ** data,size_t * size)1013 int fit_image_get_data_and_size(const void *fit, int noffset,
1014 const void **data, size_t *size)
1015 {
1016 bool external_data = false;
1017 int offset;
1018 int len;
1019 int ret;
1020
1021 if (!fit_image_get_data_position(fit, noffset, &offset)) {
1022 external_data = true;
1023 } else if (!fit_image_get_data_offset(fit, noffset, &offset)) {
1024 external_data = true;
1025 /*
1026 * For FIT with external data, figure out where
1027 * the external images start. This is the base
1028 * for the data-offset properties in each image.
1029 */
1030 offset += ((fdt_totalsize(fit) + 3) & ~3);
1031 }
1032
1033 if (external_data) {
1034 debug("External Data\n");
1035 ret = fit_image_get_data_size(fit, noffset, &len);
1036 if (!ret) {
1037 *data = fit + offset;
1038 *size = len;
1039 }
1040 } else {
1041 ret = fit_image_get_data(fit, noffset, data, size);
1042 }
1043
1044 return ret;
1045 }
1046
1047 /**
1048 * fit_image_hash_get_algo - get hash algorithm name
1049 * @fit: pointer to the FIT format image header
1050 * @noffset: hash node offset
1051 * @algo: double pointer to char, will hold pointer to the algorithm name
1052 *
1053 * fit_image_hash_get_algo() finds hash algorithm property in a given hash node.
1054 * If the property is found its data start address is returned to the caller.
1055 *
1056 * returns:
1057 * 0, on success
1058 * -1, on failure
1059 */
fit_image_hash_get_algo(const void * fit,int noffset,char ** algo)1060 int fit_image_hash_get_algo(const void *fit, int noffset, char **algo)
1061 {
1062 int len;
1063
1064 *algo = (char *)fdt_getprop(fit, noffset, FIT_ALGO_PROP, &len);
1065 if (*algo == NULL) {
1066 fit_get_debug(fit, noffset, FIT_ALGO_PROP, len);
1067 return -1;
1068 }
1069
1070 return 0;
1071 }
1072
1073 /**
1074 * fit_image_hash_get_value - get hash value and length
1075 * @fit: pointer to the FIT format image header
1076 * @noffset: hash node offset
1077 * @value: double pointer to uint8_t, will hold address of a hash value data
1078 * @value_len: pointer to an int, will hold hash data length
1079 *
1080 * fit_image_hash_get_value() finds hash value property in a given hash node.
1081 * If the property is found its data start address and size are returned to
1082 * the caller.
1083 *
1084 * returns:
1085 * 0, on success
1086 * -1, on failure
1087 */
fit_image_hash_get_value(const void * fit,int noffset,uint8_t ** value,int * value_len)1088 int fit_image_hash_get_value(const void *fit, int noffset, uint8_t **value,
1089 int *value_len)
1090 {
1091 int len;
1092
1093 *value = (uint8_t *)fdt_getprop(fit, noffset, FIT_VALUE_PROP, &len);
1094 if (*value == NULL) {
1095 fit_get_debug(fit, noffset, FIT_VALUE_PROP, len);
1096 *value_len = 0;
1097 return -1;
1098 }
1099
1100 *value_len = len;
1101 return 0;
1102 }
1103
1104 /**
1105 * fit_image_hash_get_ignore - get hash ignore flag
1106 * @fit: pointer to the FIT format image header
1107 * @noffset: hash node offset
1108 * @ignore: pointer to an int, will hold hash ignore flag
1109 *
1110 * fit_image_hash_get_ignore() finds hash ignore property in a given hash node.
1111 * If the property is found and non-zero, the hash algorithm is not verified by
1112 * u-boot automatically.
1113 *
1114 * returns:
1115 * 0, on ignore not found
1116 * value, on ignore found
1117 */
fit_image_hash_get_ignore(const void * fit,int noffset,int * ignore)1118 static int fit_image_hash_get_ignore(const void *fit, int noffset, int *ignore)
1119 {
1120 int len;
1121 int *value;
1122
1123 value = (int *)fdt_getprop(fit, noffset, FIT_IGNORE_PROP, &len);
1124 if (value == NULL || len != sizeof(int))
1125 *ignore = 0;
1126 else
1127 *ignore = *value;
1128
1129 return 0;
1130 }
1131
1132 /**
1133 * fit_image_cipher_get_algo - get cipher algorithm name
1134 * @fit: pointer to the FIT format image header
1135 * @noffset: cipher node offset
1136 * @algo: double pointer to char, will hold pointer to the algorithm name
1137 *
1138 * fit_image_cipher_get_algo() finds cipher algorithm property in a given
1139 * cipher node. If the property is found its data start address is returned
1140 * to the caller.
1141 *
1142 * returns:
1143 * 0, on success
1144 * -1, on failure
1145 */
fit_image_cipher_get_algo(const void * fit,int noffset,char ** algo)1146 int fit_image_cipher_get_algo(const void *fit, int noffset, char **algo)
1147 {
1148 int len;
1149
1150 *algo = (char *)fdt_getprop(fit, noffset, FIT_ALGO_PROP, &len);
1151 if (!*algo) {
1152 fit_get_debug(fit, noffset, FIT_ALGO_PROP, len);
1153 return -1;
1154 }
1155
1156 return 0;
1157 }
1158
fit_get_end(const void * fit)1159 ulong fit_get_end(const void *fit)
1160 {
1161 return map_to_sysmem((void *)(fit + fdt_totalsize(fit)));
1162 }
1163
1164 /**
1165 * fit_set_timestamp - set node timestamp property
1166 * @fit: pointer to the FIT format image header
1167 * @noffset: node offset
1168 * @timestamp: timestamp value to be set
1169 *
1170 * fit_set_timestamp() attempts to set timestamp property in the requested
1171 * node and returns operation status to the caller.
1172 *
1173 * returns:
1174 * 0, on success
1175 * -ENOSPC if no space in device tree, -1 for other error
1176 */
fit_set_timestamp(void * fit,int noffset,time_t timestamp)1177 int fit_set_timestamp(void *fit, int noffset, time_t timestamp)
1178 {
1179 uint32_t t;
1180 int ret;
1181
1182 t = cpu_to_uimage(timestamp);
1183 ret = fdt_setprop(fit, noffset, FIT_TIMESTAMP_PROP, &t,
1184 sizeof(uint32_t));
1185 if (ret) {
1186 debug("Can't set '%s' property for '%s' node (%s)\n",
1187 FIT_TIMESTAMP_PROP, fit_get_name(fit, noffset, NULL),
1188 fdt_strerror(ret));
1189 return ret == -FDT_ERR_NOSPACE ? -ENOSPC : -1;
1190 }
1191
1192 return 0;
1193 }
1194
1195 /**
1196 * calculate_hash - calculate and return hash for provided input data
1197 * @data: pointer to the input data
1198 * @data_len: data length
1199 * @algo: requested hash algorithm
1200 * @value: pointer to the char, will hold hash value data (caller must
1201 * allocate enough free space)
1202 * value_len: length of the calculated hash
1203 *
1204 * calculate_hash() computes input data hash according to the requested
1205 * algorithm.
1206 * Resulting hash value is placed in caller provided 'value' buffer, length
1207 * of the calculated hash is returned via value_len pointer argument.
1208 *
1209 * returns:
1210 * 0, on success
1211 * -1, when algo is unsupported
1212 */
calculate_hash(const void * data,int data_len,const char * algo,uint8_t * value,int * value_len)1213 int calculate_hash(const void *data, int data_len, const char *algo,
1214 uint8_t *value, int *value_len)
1215 {
1216 if (IMAGE_ENABLE_CRC32 && strcmp(algo, "crc32") == 0) {
1217 *((uint32_t *)value) = crc32_wd(0, data, data_len,
1218 CHUNKSZ_CRC32);
1219 *((uint32_t *)value) = cpu_to_uimage(*((uint32_t *)value));
1220 *value_len = 4;
1221 } else if (IMAGE_ENABLE_SHA1 && strcmp(algo, "sha1") == 0) {
1222 sha1_csum_wd((unsigned char *)data, data_len,
1223 (unsigned char *)value, CHUNKSZ_SHA1);
1224 *value_len = 20;
1225 } else if (IMAGE_ENABLE_SHA256 && strcmp(algo, "sha256") == 0) {
1226 sha256_csum_wd((unsigned char *)data, data_len,
1227 (unsigned char *)value, CHUNKSZ_SHA256);
1228 *value_len = SHA256_SUM_LEN;
1229 } else if (IMAGE_ENABLE_SHA384 && strcmp(algo, "sha384") == 0) {
1230 sha384_csum_wd((unsigned char *)data, data_len,
1231 (unsigned char *)value, CHUNKSZ_SHA384);
1232 *value_len = SHA384_SUM_LEN;
1233 } else if (IMAGE_ENABLE_SHA512 && strcmp(algo, "sha512") == 0) {
1234 sha512_csum_wd((unsigned char *)data, data_len,
1235 (unsigned char *)value, CHUNKSZ_SHA512);
1236 *value_len = SHA512_SUM_LEN;
1237 } else if (IMAGE_ENABLE_MD5 && strcmp(algo, "md5") == 0) {
1238 md5_wd((unsigned char *)data, data_len, value, CHUNKSZ_MD5);
1239 *value_len = 16;
1240 } else {
1241 debug("Unsupported hash alogrithm\n");
1242 return -1;
1243 }
1244 return 0;
1245 }
1246
fit_image_check_hash(const void * fit,int noffset,const void * data,size_t size,char ** err_msgp)1247 static int fit_image_check_hash(const void *fit, int noffset, const void *data,
1248 size_t size, char **err_msgp)
1249 {
1250 uint8_t value[FIT_MAX_HASH_LEN];
1251 int value_len;
1252 char *algo;
1253 uint8_t *fit_value;
1254 int fit_value_len;
1255 int ignore;
1256
1257 *err_msgp = NULL;
1258
1259 if (fit_image_hash_get_algo(fit, noffset, &algo)) {
1260 *err_msgp = "Can't get hash algo property";
1261 return -1;
1262 }
1263 printf("%s", algo);
1264
1265 if (IMAGE_ENABLE_IGNORE) {
1266 fit_image_hash_get_ignore(fit, noffset, &ignore);
1267 if (ignore) {
1268 printf("-skipped ");
1269 return 0;
1270 }
1271 }
1272
1273 if (fit_image_hash_get_value(fit, noffset, &fit_value,
1274 &fit_value_len)) {
1275 *err_msgp = "Can't get hash value property";
1276 return -1;
1277 }
1278
1279 if (calculate_hash(data, size, algo, value, &value_len)) {
1280 *err_msgp = "Unsupported hash algorithm";
1281 return -1;
1282 }
1283
1284 if (value_len != fit_value_len) {
1285 *err_msgp = "Bad hash value len";
1286 return -1;
1287 } else if (memcmp(value, fit_value, value_len) != 0) {
1288 *err_msgp = "Bad hash value";
1289 return -1;
1290 }
1291
1292 return 0;
1293 }
1294
fit_image_verify_with_data(const void * fit,int image_noffset,const void * data,size_t size)1295 int fit_image_verify_with_data(const void *fit, int image_noffset,
1296 const void *data, size_t size)
1297 {
1298 int noffset = 0;
1299 char *err_msg = "";
1300 int verify_all = 1;
1301 int ret;
1302
1303 /* Verify all required signatures */
1304 if (FIT_IMAGE_ENABLE_VERIFY &&
1305 fit_image_verify_required_sigs(fit, image_noffset, data, size,
1306 gd_fdt_blob(), &verify_all)) {
1307 err_msg = "Unable to verify required signature";
1308 goto error;
1309 }
1310
1311 /* Process all hash subnodes of the component image node */
1312 fdt_for_each_subnode(noffset, fit, image_noffset) {
1313 const char *name = fit_get_name(fit, noffset, NULL);
1314
1315 /*
1316 * Check subnode name, must be equal to "hash".
1317 * Multiple hash nodes require unique unit node
1318 * names, e.g. hash-1, hash-2, etc.
1319 */
1320 if (!strncmp(name, FIT_HASH_NODENAME,
1321 strlen(FIT_HASH_NODENAME))) {
1322 if (fit_image_check_hash(fit, noffset, data, size,
1323 &err_msg))
1324 goto error;
1325 puts("+ ");
1326 } else if (FIT_IMAGE_ENABLE_VERIFY && verify_all &&
1327 !strncmp(name, FIT_SIG_NODENAME,
1328 strlen(FIT_SIG_NODENAME))) {
1329 ret = fit_image_check_sig(fit, noffset, data,
1330 size, -1, &err_msg);
1331
1332 /*
1333 * Show an indication on failure, but do not return
1334 * an error. Only keys marked 'required' can cause
1335 * an image validation failure. See the call to
1336 * fit_image_verify_required_sigs() above.
1337 */
1338 if (ret)
1339 puts("- ");
1340 else
1341 puts("+ ");
1342 }
1343 }
1344
1345 if (noffset == -FDT_ERR_TRUNCATED || noffset == -FDT_ERR_BADSTRUCTURE) {
1346 err_msg = "Corrupted or truncated tree";
1347 goto error;
1348 }
1349
1350 return 1;
1351
1352 error:
1353 printf(" error!\n%s for '%s' hash node in '%s' image node\n",
1354 err_msg, fit_get_name(fit, noffset, NULL),
1355 fit_get_name(fit, image_noffset, NULL));
1356 return 0;
1357 }
1358
1359 /**
1360 * fit_image_verify - verify data integrity
1361 * @fit: pointer to the FIT format image header
1362 * @image_noffset: component image node offset
1363 *
1364 * fit_image_verify() goes over component image hash nodes,
1365 * re-calculates each data hash and compares with the value stored in hash
1366 * node.
1367 *
1368 * returns:
1369 * 1, if all hashes are valid
1370 * 0, otherwise (or on error)
1371 */
fit_image_verify(const void * fit,int image_noffset)1372 int fit_image_verify(const void *fit, int image_noffset)
1373 {
1374 const char *name = fit_get_name(fit, image_noffset, NULL);
1375 const void *data;
1376 size_t size;
1377 char *err_msg = "";
1378
1379 if (strchr(name, '@')) {
1380 /*
1381 * We don't support this since libfdt considers names with the
1382 * name root but different @ suffix to be equal
1383 */
1384 err_msg = "Node name contains @";
1385 goto err;
1386 }
1387 /* Get image data and data length */
1388 if (fit_image_get_data_and_size(fit, image_noffset, &data, &size)) {
1389 err_msg = "Can't get image data/size";
1390 goto err;
1391 }
1392
1393 return fit_image_verify_with_data(fit, image_noffset, data, size);
1394
1395 err:
1396 printf("error!\n%s in '%s' image node\n", err_msg,
1397 fit_get_name(fit, image_noffset, NULL));
1398 return 0;
1399 }
1400
1401 /**
1402 * fit_all_image_verify - verify data integrity for all images
1403 * @fit: pointer to the FIT format image header
1404 *
1405 * fit_all_image_verify() goes over all images in the FIT and
1406 * for every images checks if all it's hashes are valid.
1407 *
1408 * returns:
1409 * 1, if all hashes of all images are valid
1410 * 0, otherwise (or on error)
1411 */
fit_all_image_verify(const void * fit)1412 int fit_all_image_verify(const void *fit)
1413 {
1414 int images_noffset;
1415 int noffset;
1416 int ndepth;
1417 int count;
1418
1419 /* Find images parent node offset */
1420 images_noffset = fdt_path_offset(fit, FIT_IMAGES_PATH);
1421 if (images_noffset < 0) {
1422 printf("Can't find images parent node '%s' (%s)\n",
1423 FIT_IMAGES_PATH, fdt_strerror(images_noffset));
1424 return 0;
1425 }
1426
1427 /* Process all image subnodes, check hashes for each */
1428 printf("## Checking hash(es) for FIT Image at %08lx ...\n",
1429 (ulong)fit);
1430 for (ndepth = 0, count = 0,
1431 noffset = fdt_next_node(fit, images_noffset, &ndepth);
1432 (noffset >= 0) && (ndepth > 0);
1433 noffset = fdt_next_node(fit, noffset, &ndepth)) {
1434 if (ndepth == 1) {
1435 /*
1436 * Direct child node of the images parent node,
1437 * i.e. component image node.
1438 */
1439 printf(" Hash(es) for Image %u (%s): ", count,
1440 fit_get_name(fit, noffset, NULL));
1441 count++;
1442
1443 if (!fit_image_verify(fit, noffset))
1444 return 0;
1445 printf("\n");
1446 }
1447 }
1448 return 1;
1449 }
1450
fit_image_uncipher(const void * fit,int image_noffset,void ** data,size_t * size)1451 static int fit_image_uncipher(const void *fit, int image_noffset,
1452 void **data, size_t *size)
1453 {
1454 int cipher_noffset, ret;
1455 void *dst;
1456 size_t size_dst;
1457
1458 cipher_noffset = fdt_subnode_offset(fit, image_noffset,
1459 FIT_CIPHER_NODENAME);
1460 if (cipher_noffset < 0)
1461 return 0;
1462
1463 ret = fit_image_decrypt_data(fit, image_noffset, cipher_noffset,
1464 *data, *size, &dst, &size_dst);
1465 if (ret)
1466 goto out;
1467
1468 *data = dst;
1469 *size = size_dst;
1470
1471 out:
1472 return ret;
1473 }
1474
1475 /**
1476 * fit_image_check_os - check whether image node is of a given os type
1477 * @fit: pointer to the FIT format image header
1478 * @noffset: component image node offset
1479 * @os: requested image os
1480 *
1481 * fit_image_check_os() reads image os property and compares its numeric
1482 * id with the requested os. Comparison result is returned to the caller.
1483 *
1484 * returns:
1485 * 1 if image is of given os type
1486 * 0 otherwise (or on error)
1487 */
fit_image_check_os(const void * fit,int noffset,uint8_t os)1488 int fit_image_check_os(const void *fit, int noffset, uint8_t os)
1489 {
1490 uint8_t image_os;
1491
1492 if (fit_image_get_os(fit, noffset, &image_os))
1493 return 0;
1494 return (os == image_os);
1495 }
1496
1497 /**
1498 * fit_image_check_arch - check whether image node is of a given arch
1499 * @fit: pointer to the FIT format image header
1500 * @noffset: component image node offset
1501 * @arch: requested imagearch
1502 *
1503 * fit_image_check_arch() reads image arch property and compares its numeric
1504 * id with the requested arch. Comparison result is returned to the caller.
1505 *
1506 * returns:
1507 * 1 if image is of given arch
1508 * 0 otherwise (or on error)
1509 */
fit_image_check_arch(const void * fit,int noffset,uint8_t arch)1510 int fit_image_check_arch(const void *fit, int noffset, uint8_t arch)
1511 {
1512 uint8_t image_arch;
1513 int aarch32_support = 0;
1514
1515 if (IS_ENABLED(CONFIG_ARM64_SUPPORT_AARCH32))
1516 aarch32_support = 1;
1517
1518 if (fit_image_get_arch(fit, noffset, &image_arch))
1519 return 0;
1520 return (arch == image_arch) ||
1521 (arch == IH_ARCH_I386 && image_arch == IH_ARCH_X86_64) ||
1522 (arch == IH_ARCH_ARM64 && image_arch == IH_ARCH_ARM &&
1523 aarch32_support);
1524 }
1525
1526 /**
1527 * fit_image_check_type - check whether image node is of a given type
1528 * @fit: pointer to the FIT format image header
1529 * @noffset: component image node offset
1530 * @type: requested image type
1531 *
1532 * fit_image_check_type() reads image type property and compares its numeric
1533 * id with the requested type. Comparison result is returned to the caller.
1534 *
1535 * returns:
1536 * 1 if image is of given type
1537 * 0 otherwise (or on error)
1538 */
fit_image_check_type(const void * fit,int noffset,uint8_t type)1539 int fit_image_check_type(const void *fit, int noffset, uint8_t type)
1540 {
1541 uint8_t image_type;
1542
1543 if (fit_image_get_type(fit, noffset, &image_type))
1544 return 0;
1545 return (type == image_type);
1546 }
1547
1548 /**
1549 * fit_image_check_comp - check whether image node uses given compression
1550 * @fit: pointer to the FIT format image header
1551 * @noffset: component image node offset
1552 * @comp: requested image compression type
1553 *
1554 * fit_image_check_comp() reads image compression property and compares its
1555 * numeric id with the requested compression type. Comparison result is
1556 * returned to the caller.
1557 *
1558 * returns:
1559 * 1 if image uses requested compression
1560 * 0 otherwise (or on error)
1561 */
fit_image_check_comp(const void * fit,int noffset,uint8_t comp)1562 int fit_image_check_comp(const void *fit, int noffset, uint8_t comp)
1563 {
1564 uint8_t image_comp;
1565
1566 if (fit_image_get_comp(fit, noffset, &image_comp))
1567 return 0;
1568 return (comp == image_comp);
1569 }
1570
1571 /**
1572 * fdt_check_no_at() - Check for nodes whose names contain '@'
1573 *
1574 * This checks the parent node and all subnodes recursively
1575 *
1576 * @fit: FIT to check
1577 * @parent: Parent node to check
1578 * @return 0 if OK, -EADDRNOTAVAIL is a node has a name containing '@'
1579 */
fdt_check_no_at(const void * fit,int parent)1580 static int fdt_check_no_at(const void *fit, int parent)
1581 {
1582 const char *name;
1583 int node;
1584 int ret;
1585
1586 name = fdt_get_name(fit, parent, NULL);
1587 if (!name || strchr(name, '@'))
1588 return -EADDRNOTAVAIL;
1589
1590 fdt_for_each_subnode(node, fit, parent) {
1591 ret = fdt_check_no_at(fit, node);
1592 if (ret)
1593 return ret;
1594 }
1595
1596 return 0;
1597 }
1598
fit_check_format(const void * fit,ulong size)1599 int fit_check_format(const void *fit, ulong size)
1600 {
1601 int ret;
1602
1603 /* A FIT image must be a valid FDT */
1604 ret = fdt_check_header(fit);
1605 if (ret) {
1606 log_debug("Wrong FIT format: not a flattened device tree (err=%d)\n",
1607 ret);
1608 return -ENOEXEC;
1609 }
1610
1611 if (CONFIG_IS_ENABLED(FIT_FULL_CHECK)) {
1612 /*
1613 * If we are not given the size, make do wtih calculating it.
1614 * This is not as secure, so we should consider a flag to
1615 * control this.
1616 */
1617 if (size == IMAGE_SIZE_INVAL)
1618 size = fdt_totalsize(fit);
1619 ret = fdt_check_full(fit, size);
1620 if (ret)
1621 ret = -EINVAL;
1622
1623 /*
1624 * U-Boot stopped using unit addressed in 2017. Since libfdt
1625 * can match nodes ignoring any unit address, signature
1626 * verification can see the wrong node if one is inserted with
1627 * the same name as a valid node but with a unit address
1628 * attached. Protect against this by disallowing unit addresses.
1629 */
1630 if (!ret && CONFIG_IS_ENABLED(FIT_SIGNATURE)) {
1631 ret = fdt_check_no_at(fit, 0);
1632
1633 if (ret) {
1634 log_debug("FIT check error %d\n", ret);
1635 return ret;
1636 }
1637 }
1638 if (ret) {
1639 log_debug("FIT check error %d\n", ret);
1640 return ret;
1641 }
1642 }
1643
1644 /* mandatory / node 'description' property */
1645 if (!fdt_getprop(fit, 0, FIT_DESC_PROP, NULL)) {
1646 log_debug("Wrong FIT format: no description\n");
1647 return -ENOMSG;
1648 }
1649
1650 if (IMAGE_ENABLE_TIMESTAMP) {
1651 /* mandatory / node 'timestamp' property */
1652 if (!fdt_getprop(fit, 0, FIT_TIMESTAMP_PROP, NULL)) {
1653 log_debug("Wrong FIT format: no timestamp\n");
1654 return -EBADMSG;
1655 }
1656 }
1657
1658 /* mandatory subimages parent '/images' node */
1659 if (fdt_path_offset(fit, FIT_IMAGES_PATH) < 0) {
1660 log_debug("Wrong FIT format: no images parent node\n");
1661 return -ENOENT;
1662 }
1663
1664 return 0;
1665 }
1666
1667 /**
1668 * fit_conf_find_compat
1669 * @fit: pointer to the FIT format image header
1670 * @fdt: pointer to the device tree to compare against
1671 *
1672 * fit_conf_find_compat() attempts to find the configuration whose fdt is the
1673 * most compatible with the passed in device tree.
1674 *
1675 * Example:
1676 *
1677 * / o image-tree
1678 * |-o images
1679 * | |-o fdt-1
1680 * | |-o fdt-2
1681 * |
1682 * |-o configurations
1683 * |-o config-1
1684 * | |-fdt = fdt-1
1685 * |
1686 * |-o config-2
1687 * |-fdt = fdt-2
1688 *
1689 * / o U-Boot fdt
1690 * |-compatible = "foo,bar", "bim,bam"
1691 *
1692 * / o kernel fdt1
1693 * |-compatible = "foo,bar",
1694 *
1695 * / o kernel fdt2
1696 * |-compatible = "bim,bam", "baz,biz"
1697 *
1698 * Configuration 1 would be picked because the first string in U-Boot's
1699 * compatible list, "foo,bar", matches a compatible string in the root of fdt1.
1700 * "bim,bam" in fdt2 matches the second string which isn't as good as fdt1.
1701 *
1702 * As an optimization, the compatible property from the FDT's root node can be
1703 * copied into the configuration node in the FIT image. This is required to
1704 * match configurations with compressed FDTs.
1705 *
1706 * returns:
1707 * offset to the configuration to use if one was found
1708 * -1 otherwise
1709 */
fit_conf_find_compat(const void * fit,const void * fdt)1710 int fit_conf_find_compat(const void *fit, const void *fdt)
1711 {
1712 int ndepth = 0;
1713 int noffset, confs_noffset, images_noffset;
1714 const void *fdt_compat;
1715 int fdt_compat_len;
1716 int best_match_offset = 0;
1717 int best_match_pos = 0;
1718
1719 confs_noffset = fdt_path_offset(fit, FIT_CONFS_PATH);
1720 images_noffset = fdt_path_offset(fit, FIT_IMAGES_PATH);
1721 if (confs_noffset < 0 || images_noffset < 0) {
1722 debug("Can't find configurations or images nodes.\n");
1723 return -1;
1724 }
1725
1726 fdt_compat = fdt_getprop(fdt, 0, "compatible", &fdt_compat_len);
1727 if (!fdt_compat) {
1728 debug("Fdt for comparison has no \"compatible\" property.\n");
1729 return -1;
1730 }
1731
1732 /*
1733 * Loop over the configurations in the FIT image.
1734 */
1735 for (noffset = fdt_next_node(fit, confs_noffset, &ndepth);
1736 (noffset >= 0) && (ndepth > 0);
1737 noffset = fdt_next_node(fit, noffset, &ndepth)) {
1738 const void *fdt;
1739 const char *kfdt_name;
1740 int kfdt_noffset, compat_noffset;
1741 const char *cur_fdt_compat;
1742 int len;
1743 size_t sz;
1744 int i;
1745
1746 if (ndepth > 1)
1747 continue;
1748
1749 /* If there's a compat property in the config node, use that. */
1750 if (fdt_getprop(fit, noffset, "compatible", NULL)) {
1751 fdt = fit; /* search in FIT image */
1752 compat_noffset = noffset; /* search under config node */
1753 } else { /* Otherwise extract it from the kernel FDT. */
1754 kfdt_name = fdt_getprop(fit, noffset, "fdt", &len);
1755 if (!kfdt_name) {
1756 debug("No fdt property found.\n");
1757 continue;
1758 }
1759 kfdt_noffset = fdt_subnode_offset(fit, images_noffset,
1760 kfdt_name);
1761 if (kfdt_noffset < 0) {
1762 debug("No image node named \"%s\" found.\n",
1763 kfdt_name);
1764 continue;
1765 }
1766
1767 if (!fit_image_check_comp(fit, kfdt_noffset,
1768 IH_COMP_NONE)) {
1769 debug("Can't extract compat from \"%s\" "
1770 "(compressed)\n", kfdt_name);
1771 continue;
1772 }
1773
1774 /* search in this config's kernel FDT */
1775 if (fit_image_get_data(fit, kfdt_noffset, &fdt, &sz)) {
1776 debug("Failed to get fdt \"%s\".\n", kfdt_name);
1777 continue;
1778 }
1779
1780 compat_noffset = 0; /* search kFDT under root node */
1781 }
1782
1783 len = fdt_compat_len;
1784 cur_fdt_compat = fdt_compat;
1785 /*
1786 * Look for a match for each U-Boot compatibility string in
1787 * turn in the compat string property.
1788 */
1789 for (i = 0; len > 0 &&
1790 (!best_match_offset || best_match_pos > i); i++) {
1791 int cur_len = strlen(cur_fdt_compat) + 1;
1792
1793 if (!fdt_node_check_compatible(fdt, compat_noffset,
1794 cur_fdt_compat)) {
1795 best_match_offset = noffset;
1796 best_match_pos = i;
1797 break;
1798 }
1799 len -= cur_len;
1800 cur_fdt_compat += cur_len;
1801 }
1802 }
1803 if (!best_match_offset) {
1804 debug("No match found.\n");
1805 return -1;
1806 }
1807
1808 return best_match_offset;
1809 }
1810
fit_conf_get_node(const void * fit,const char * conf_uname)1811 int fit_conf_get_node(const void *fit, const char *conf_uname)
1812 {
1813 int noffset, confs_noffset;
1814 int len;
1815 const char *s;
1816 char *conf_uname_copy = NULL;
1817
1818 confs_noffset = fdt_path_offset(fit, FIT_CONFS_PATH);
1819 if (confs_noffset < 0) {
1820 debug("Can't find configurations parent node '%s' (%s)\n",
1821 FIT_CONFS_PATH, fdt_strerror(confs_noffset));
1822 return confs_noffset;
1823 }
1824
1825 if (conf_uname == NULL) {
1826 /* get configuration unit name from the default property */
1827 debug("No configuration specified, trying default...\n");
1828 if (!host_build() && IS_ENABLED(CONFIG_MULTI_DTB_FIT)) {
1829 noffset = fit_find_config_node(fit);
1830 if (noffset < 0)
1831 return noffset;
1832 conf_uname = fdt_get_name(fit, noffset, NULL);
1833 } else {
1834 conf_uname = (char *)fdt_getprop(fit, confs_noffset,
1835 FIT_DEFAULT_PROP, &len);
1836 if (conf_uname == NULL) {
1837 fit_get_debug(fit, confs_noffset, FIT_DEFAULT_PROP,
1838 len);
1839 return len;
1840 }
1841 }
1842 debug("Found default configuration: '%s'\n", conf_uname);
1843 }
1844
1845 s = strchr(conf_uname, '#');
1846 if (s) {
1847 len = s - conf_uname;
1848 conf_uname_copy = malloc(len + 1);
1849 if (!conf_uname_copy) {
1850 debug("Can't allocate uname copy: '%s'\n",
1851 conf_uname);
1852 return -ENOMEM;
1853 }
1854 memcpy(conf_uname_copy, conf_uname, len);
1855 conf_uname_copy[len] = '\0';
1856 conf_uname = conf_uname_copy;
1857 }
1858
1859 noffset = fdt_subnode_offset(fit, confs_noffset, conf_uname);
1860 if (noffset < 0) {
1861 debug("Can't get node offset for configuration unit name: '%s' (%s)\n",
1862 conf_uname, fdt_strerror(noffset));
1863 }
1864
1865 if (conf_uname_copy)
1866 free(conf_uname_copy);
1867
1868 return noffset;
1869 }
1870
fit_conf_get_prop_node_count(const void * fit,int noffset,const char * prop_name)1871 int fit_conf_get_prop_node_count(const void *fit, int noffset,
1872 const char *prop_name)
1873 {
1874 return fdt_stringlist_count(fit, noffset, prop_name);
1875 }
1876
fit_conf_get_prop_node_index(const void * fit,int noffset,const char * prop_name,int index)1877 int fit_conf_get_prop_node_index(const void *fit, int noffset,
1878 const char *prop_name, int index)
1879 {
1880 const char *uname;
1881 int len;
1882
1883 /* get kernel image unit name from configuration kernel property */
1884 uname = fdt_stringlist_get(fit, noffset, prop_name, index, &len);
1885 if (uname == NULL)
1886 return len;
1887
1888 return fit_image_get_node(fit, uname);
1889 }
1890
fit_conf_get_prop_node(const void * fit,int noffset,const char * prop_name)1891 int fit_conf_get_prop_node(const void *fit, int noffset,
1892 const char *prop_name)
1893 {
1894 return fit_conf_get_prop_node_index(fit, noffset, prop_name, 0);
1895 }
1896
fit_image_select(const void * fit,int rd_noffset,int verify)1897 static int fit_image_select(const void *fit, int rd_noffset, int verify)
1898 {
1899 fit_image_print(fit, rd_noffset, " ");
1900
1901 if (verify) {
1902 puts(" Verifying Hash Integrity ... ");
1903 if (!fit_image_verify(fit, rd_noffset)) {
1904 puts("Bad Data Hash\n");
1905 return -EACCES;
1906 }
1907 puts("OK\n");
1908 }
1909
1910 return 0;
1911 }
1912
fit_get_node_from_config(bootm_headers_t * images,const char * prop_name,ulong addr)1913 int fit_get_node_from_config(bootm_headers_t *images, const char *prop_name,
1914 ulong addr)
1915 {
1916 int cfg_noffset;
1917 void *fit_hdr;
1918 int noffset;
1919
1920 debug("* %s: using config '%s' from image at 0x%08lx\n",
1921 prop_name, images->fit_uname_cfg, addr);
1922
1923 /* Check whether configuration has this property defined */
1924 fit_hdr = map_sysmem(addr, 0);
1925 cfg_noffset = fit_conf_get_node(fit_hdr, images->fit_uname_cfg);
1926 if (cfg_noffset < 0) {
1927 debug("* %s: no such config\n", prop_name);
1928 return -EINVAL;
1929 }
1930
1931 noffset = fit_conf_get_prop_node(fit_hdr, cfg_noffset, prop_name);
1932 if (noffset < 0) {
1933 debug("* %s: no '%s' in config\n", prop_name, prop_name);
1934 return -ENOENT;
1935 }
1936
1937 return noffset;
1938 }
1939
1940 /**
1941 * fit_get_image_type_property() - get property name for IH_TYPE_...
1942 *
1943 * @return the properly name where we expect to find the image in the
1944 * config node
1945 */
fit_get_image_type_property(int type)1946 static const char *fit_get_image_type_property(int type)
1947 {
1948 /*
1949 * This is sort-of available in the uimage_type[] table in image.c
1950 * but we don't have access to the short name, and "fdt" is different
1951 * anyway. So let's just keep it here.
1952 */
1953 switch (type) {
1954 case IH_TYPE_FLATDT:
1955 return FIT_FDT_PROP;
1956 case IH_TYPE_KERNEL:
1957 return FIT_KERNEL_PROP;
1958 case IH_TYPE_RAMDISK:
1959 return FIT_RAMDISK_PROP;
1960 case IH_TYPE_X86_SETUP:
1961 return FIT_SETUP_PROP;
1962 case IH_TYPE_LOADABLE:
1963 return FIT_LOADABLE_PROP;
1964 case IH_TYPE_FPGA:
1965 return FIT_FPGA_PROP;
1966 case IH_TYPE_STANDALONE:
1967 return FIT_STANDALONE_PROP;
1968 }
1969
1970 return "unknown";
1971 }
1972
fit_image_load(bootm_headers_t * images,ulong addr,const char ** fit_unamep,const char ** fit_uname_configp,int arch,int image_type,int bootstage_id,enum fit_load_op load_op,ulong * datap,ulong * lenp)1973 int fit_image_load(bootm_headers_t *images, ulong addr,
1974 const char **fit_unamep, const char **fit_uname_configp,
1975 int arch, int image_type, int bootstage_id,
1976 enum fit_load_op load_op, ulong *datap, ulong *lenp)
1977 {
1978 int cfg_noffset, noffset;
1979 const char *fit_uname;
1980 const char *fit_uname_config;
1981 const char *fit_base_uname_config;
1982 const void *fit;
1983 void *buf;
1984 void *loadbuf;
1985 size_t size;
1986 int type_ok, os_ok;
1987 ulong load, load_end, data, len;
1988 uint8_t os, comp;
1989 #ifndef USE_HOSTCC
1990 uint8_t os_arch;
1991 #endif
1992 const char *prop_name;
1993 int ret;
1994
1995 fit = map_sysmem(addr, 0);
1996 fit_uname = fit_unamep ? *fit_unamep : NULL;
1997 fit_uname_config = fit_uname_configp ? *fit_uname_configp : NULL;
1998 fit_base_uname_config = NULL;
1999 prop_name = fit_get_image_type_property(image_type);
2000 printf("## Loading %s from FIT Image at %08lx ...\n", prop_name, addr);
2001
2002 bootstage_mark(bootstage_id + BOOTSTAGE_SUB_FORMAT);
2003 ret = fit_check_format(fit, IMAGE_SIZE_INVAL);
2004 if (ret) {
2005 printf("Bad FIT %s image format! (err=%d)\n", prop_name, ret);
2006 if (CONFIG_IS_ENABLED(FIT_SIGNATURE) && ret == -EADDRNOTAVAIL)
2007 printf("Signature checking prevents use of unit addresses (@) in nodes\n");
2008 bootstage_error(bootstage_id + BOOTSTAGE_SUB_FORMAT);
2009 return ret;
2010 }
2011 bootstage_mark(bootstage_id + BOOTSTAGE_SUB_FORMAT_OK);
2012 if (fit_uname) {
2013 /* get FIT component image node offset */
2014 bootstage_mark(bootstage_id + BOOTSTAGE_SUB_UNIT_NAME);
2015 noffset = fit_image_get_node(fit, fit_uname);
2016 } else {
2017 /*
2018 * no image node unit name, try to get config
2019 * node first. If config unit node name is NULL
2020 * fit_conf_get_node() will try to find default config node
2021 */
2022 bootstage_mark(bootstage_id + BOOTSTAGE_SUB_NO_UNIT_NAME);
2023 if (IMAGE_ENABLE_BEST_MATCH && !fit_uname_config) {
2024 cfg_noffset = fit_conf_find_compat(fit, gd_fdt_blob());
2025 } else {
2026 cfg_noffset = fit_conf_get_node(fit,
2027 fit_uname_config);
2028 }
2029 if (cfg_noffset < 0) {
2030 puts("Could not find configuration node\n");
2031 bootstage_error(bootstage_id +
2032 BOOTSTAGE_SUB_NO_UNIT_NAME);
2033 return -ENOENT;
2034 }
2035
2036 fit_base_uname_config = fdt_get_name(fit, cfg_noffset, NULL);
2037 printf(" Using '%s' configuration\n", fit_base_uname_config);
2038 /* Remember this config */
2039 if (image_type == IH_TYPE_KERNEL)
2040 images->fit_uname_cfg = fit_base_uname_config;
2041
2042 if (FIT_IMAGE_ENABLE_VERIFY && images->verify) {
2043 puts(" Verifying Hash Integrity ... ");
2044 if (fit_config_verify(fit, cfg_noffset)) {
2045 puts("Bad Data Hash\n");
2046 bootstage_error(bootstage_id +
2047 BOOTSTAGE_SUB_HASH);
2048 return -EACCES;
2049 }
2050 puts("OK\n");
2051 }
2052
2053 bootstage_mark(BOOTSTAGE_ID_FIT_CONFIG);
2054
2055 noffset = fit_conf_get_prop_node(fit, cfg_noffset,
2056 prop_name);
2057 fit_uname = fit_get_name(fit, noffset, NULL);
2058 }
2059 if (noffset < 0) {
2060 printf("Could not find subimage node type '%s'\n", prop_name);
2061 bootstage_error(bootstage_id + BOOTSTAGE_SUB_SUBNODE);
2062 return -ENOENT;
2063 }
2064
2065 printf(" Trying '%s' %s subimage\n", fit_uname, prop_name);
2066
2067 ret = fit_image_select(fit, noffset, images->verify);
2068 if (ret) {
2069 bootstage_error(bootstage_id + BOOTSTAGE_SUB_HASH);
2070 return ret;
2071 }
2072
2073 bootstage_mark(bootstage_id + BOOTSTAGE_SUB_CHECK_ARCH);
2074 if (!host_build() && IS_ENABLED(CONFIG_SANDBOX)) {
2075 if (!fit_image_check_target_arch(fit, noffset)) {
2076 puts("Unsupported Architecture\n");
2077 bootstage_error(bootstage_id + BOOTSTAGE_SUB_CHECK_ARCH);
2078 return -ENOEXEC;
2079 }
2080 }
2081
2082 #ifndef USE_HOSTCC
2083 fit_image_get_arch(fit, noffset, &os_arch);
2084 images->os.arch = os_arch;
2085 #endif
2086
2087 bootstage_mark(bootstage_id + BOOTSTAGE_SUB_CHECK_ALL);
2088 type_ok = fit_image_check_type(fit, noffset, image_type) ||
2089 fit_image_check_type(fit, noffset, IH_TYPE_FIRMWARE) ||
2090 (image_type == IH_TYPE_KERNEL &&
2091 fit_image_check_type(fit, noffset, IH_TYPE_KERNEL_NOLOAD));
2092
2093 os_ok = image_type == IH_TYPE_FLATDT ||
2094 image_type == IH_TYPE_FPGA ||
2095 fit_image_check_os(fit, noffset, IH_OS_LINUX) ||
2096 fit_image_check_os(fit, noffset, IH_OS_U_BOOT) ||
2097 fit_image_check_os(fit, noffset, IH_OS_OPENRTOS) ||
2098 fit_image_check_os(fit, noffset, IH_OS_EFI) ||
2099 fit_image_check_os(fit, noffset, IH_OS_VXWORKS);
2100
2101 /*
2102 * If either of the checks fail, we should report an error, but
2103 * if the image type is coming from the "loadables" field, we
2104 * don't care what it is
2105 */
2106 if ((!type_ok || !os_ok) && image_type != IH_TYPE_LOADABLE) {
2107 fit_image_get_os(fit, noffset, &os);
2108 printf("No %s %s %s Image\n",
2109 genimg_get_os_name(os),
2110 genimg_get_arch_name(arch),
2111 genimg_get_type_name(image_type));
2112 bootstage_error(bootstage_id + BOOTSTAGE_SUB_CHECK_ALL);
2113 return -EIO;
2114 }
2115
2116 bootstage_mark(bootstage_id + BOOTSTAGE_SUB_CHECK_ALL_OK);
2117
2118 /* get image data address and length */
2119 if (fit_image_get_data_and_size(fit, noffset,
2120 (const void **)&buf, &size)) {
2121 printf("Could not find %s subimage data!\n", prop_name);
2122 bootstage_error(bootstage_id + BOOTSTAGE_SUB_GET_DATA);
2123 return -ENOENT;
2124 }
2125
2126 /* Decrypt data before uncompress/move */
2127 if (IS_ENABLED(CONFIG_FIT_CIPHER) && IMAGE_ENABLE_DECRYPT) {
2128 puts(" Decrypting Data ... ");
2129 if (fit_image_uncipher(fit, noffset, &buf, &size)) {
2130 puts("Error\n");
2131 return -EACCES;
2132 }
2133 puts("OK\n");
2134 }
2135
2136 /* perform any post-processing on the image data */
2137 if (!host_build() && IS_ENABLED(CONFIG_FIT_IMAGE_POST_PROCESS))
2138 board_fit_image_post_process(&buf, &size);
2139
2140 len = (ulong)size;
2141
2142 bootstage_mark(bootstage_id + BOOTSTAGE_SUB_GET_DATA_OK);
2143
2144 data = map_to_sysmem(buf);
2145 load = data;
2146 if (load_op == FIT_LOAD_IGNORED) {
2147 /* Don't load */
2148 } else if (fit_image_get_load(fit, noffset, &load)) {
2149 if (load_op == FIT_LOAD_REQUIRED) {
2150 printf("Can't get %s subimage load address!\n",
2151 prop_name);
2152 bootstage_error(bootstage_id + BOOTSTAGE_SUB_LOAD);
2153 return -EBADF;
2154 }
2155 } else if (load_op != FIT_LOAD_OPTIONAL_NON_ZERO || load) {
2156 ulong image_start, image_end;
2157
2158 /*
2159 * move image data to the load address,
2160 * make sure we don't overwrite initial image
2161 */
2162 image_start = addr;
2163 image_end = addr + fit_get_size(fit);
2164
2165 load_end = load + len;
2166 if (image_type != IH_TYPE_KERNEL &&
2167 load < image_end && load_end > image_start) {
2168 printf("Error: %s overwritten\n", prop_name);
2169 return -EXDEV;
2170 }
2171
2172 printf(" Loading %s from 0x%08lx to 0x%08lx\n",
2173 prop_name, data, load);
2174 } else {
2175 load = data; /* No load address specified */
2176 }
2177
2178 comp = IH_COMP_NONE;
2179 loadbuf = buf;
2180 /* Kernel images get decompressed later in bootm_load_os(). */
2181 if (!fit_image_get_comp(fit, noffset, &comp) &&
2182 comp != IH_COMP_NONE &&
2183 !(image_type == IH_TYPE_KERNEL ||
2184 image_type == IH_TYPE_KERNEL_NOLOAD ||
2185 image_type == IH_TYPE_RAMDISK)) {
2186 ulong max_decomp_len = len * 20;
2187 if (load == data) {
2188 loadbuf = malloc(max_decomp_len);
2189 load = map_to_sysmem(loadbuf);
2190 } else {
2191 loadbuf = map_sysmem(load, max_decomp_len);
2192 }
2193 if (image_decomp(comp, load, data, image_type,
2194 loadbuf, buf, len, max_decomp_len, &load_end)) {
2195 printf("Error decompressing %s\n", prop_name);
2196
2197 return -ENOEXEC;
2198 }
2199 len = load_end - load;
2200 } else if (load != data) {
2201 loadbuf = map_sysmem(load, len);
2202 memcpy(loadbuf, buf, len);
2203 }
2204
2205 if (image_type == IH_TYPE_RAMDISK && comp != IH_COMP_NONE)
2206 puts("WARNING: 'compression' nodes for ramdisks are deprecated,"
2207 " please fix your .its file!\n");
2208
2209 /* verify that image data is a proper FDT blob */
2210 if (image_type == IH_TYPE_FLATDT && fdt_check_header(loadbuf)) {
2211 puts("Subimage data is not a FDT");
2212 return -ENOEXEC;
2213 }
2214
2215 bootstage_mark(bootstage_id + BOOTSTAGE_SUB_LOAD);
2216
2217 *datap = load;
2218 *lenp = len;
2219 if (fit_unamep)
2220 *fit_unamep = (char *)fit_uname;
2221 if (fit_uname_configp)
2222 *fit_uname_configp = (char *)(fit_uname_config ? :
2223 fit_base_uname_config);
2224
2225 return noffset;
2226 }
2227
boot_get_setup_fit(bootm_headers_t * images,uint8_t arch,ulong * setup_start,ulong * setup_len)2228 int boot_get_setup_fit(bootm_headers_t *images, uint8_t arch,
2229 ulong *setup_start, ulong *setup_len)
2230 {
2231 int noffset;
2232 ulong addr;
2233 ulong len;
2234 int ret;
2235
2236 addr = map_to_sysmem(images->fit_hdr_os);
2237 noffset = fit_get_node_from_config(images, FIT_SETUP_PROP, addr);
2238 if (noffset < 0)
2239 return noffset;
2240
2241 ret = fit_image_load(images, addr, NULL, NULL, arch,
2242 IH_TYPE_X86_SETUP, BOOTSTAGE_ID_FIT_SETUP_START,
2243 FIT_LOAD_REQUIRED, setup_start, &len);
2244
2245 return ret;
2246 }
2247
2248 #ifndef USE_HOSTCC
boot_get_fdt_fit(bootm_headers_t * images,ulong addr,const char ** fit_unamep,const char ** fit_uname_configp,int arch,ulong * datap,ulong * lenp)2249 int boot_get_fdt_fit(bootm_headers_t *images, ulong addr,
2250 const char **fit_unamep, const char **fit_uname_configp,
2251 int arch, ulong *datap, ulong *lenp)
2252 {
2253 int fdt_noffset, cfg_noffset, count;
2254 const void *fit;
2255 const char *fit_uname = NULL;
2256 const char *fit_uname_config = NULL;
2257 char *fit_uname_config_copy = NULL;
2258 char *next_config = NULL;
2259 ulong load, len;
2260 #ifdef CONFIG_OF_LIBFDT_OVERLAY
2261 ulong image_start, image_end;
2262 ulong ovload, ovlen;
2263 const char *uconfig;
2264 const char *uname;
2265 void *base, *ov;
2266 int i, err, noffset, ov_noffset;
2267 #endif
2268
2269 fit_uname = fit_unamep ? *fit_unamep : NULL;
2270
2271 if (fit_uname_configp && *fit_uname_configp) {
2272 fit_uname_config_copy = strdup(*fit_uname_configp);
2273 if (!fit_uname_config_copy)
2274 return -ENOMEM;
2275
2276 next_config = strchr(fit_uname_config_copy, '#');
2277 if (next_config)
2278 *next_config++ = '\0';
2279 if (next_config - 1 > fit_uname_config_copy)
2280 fit_uname_config = fit_uname_config_copy;
2281 }
2282
2283 fdt_noffset = fit_image_load(images,
2284 addr, &fit_uname, &fit_uname_config,
2285 arch, IH_TYPE_FLATDT,
2286 BOOTSTAGE_ID_FIT_FDT_START,
2287 FIT_LOAD_OPTIONAL, &load, &len);
2288
2289 if (fdt_noffset < 0)
2290 goto out;
2291
2292 debug("fit_uname=%s, fit_uname_config=%s\n",
2293 fit_uname ? fit_uname : "<NULL>",
2294 fit_uname_config ? fit_uname_config : "<NULL>");
2295
2296 fit = map_sysmem(addr, 0);
2297
2298 cfg_noffset = fit_conf_get_node(fit, fit_uname_config);
2299
2300 /* single blob, or error just return as well */
2301 count = fit_conf_get_prop_node_count(fit, cfg_noffset, FIT_FDT_PROP);
2302 if (count <= 1 && !next_config)
2303 goto out;
2304
2305 /* we need to apply overlays */
2306
2307 #ifdef CONFIG_OF_LIBFDT_OVERLAY
2308 image_start = addr;
2309 image_end = addr + fit_get_size(fit);
2310 /* verify that relocation took place by load address not being in fit */
2311 if (load >= image_start && load < image_end) {
2312 /* check is simplified; fit load checks for overlaps */
2313 printf("Overlayed FDT requires relocation\n");
2314 fdt_noffset = -EBADF;
2315 goto out;
2316 }
2317
2318 base = map_sysmem(load, len);
2319
2320 /* apply extra configs in FIT first, followed by args */
2321 for (i = 1; ; i++) {
2322 if (i < count) {
2323 noffset = fit_conf_get_prop_node_index(fit, cfg_noffset,
2324 FIT_FDT_PROP, i);
2325 uname = fit_get_name(fit, noffset, NULL);
2326 uconfig = NULL;
2327 } else {
2328 if (!next_config)
2329 break;
2330 uconfig = next_config;
2331 next_config = strchr(next_config, '#');
2332 if (next_config)
2333 *next_config++ = '\0';
2334 uname = NULL;
2335
2336 /*
2337 * fit_image_load() would load the first FDT from the
2338 * extra config only when uconfig is specified.
2339 * Check if the extra config contains multiple FDTs and
2340 * if so, load them.
2341 */
2342 cfg_noffset = fit_conf_get_node(fit, uconfig);
2343
2344 i = 0;
2345 count = fit_conf_get_prop_node_count(fit, cfg_noffset,
2346 FIT_FDT_PROP);
2347 }
2348
2349 debug("%d: using uname=%s uconfig=%s\n", i, uname, uconfig);
2350
2351 ov_noffset = fit_image_load(images,
2352 addr, &uname, &uconfig,
2353 arch, IH_TYPE_FLATDT,
2354 BOOTSTAGE_ID_FIT_FDT_START,
2355 FIT_LOAD_REQUIRED, &ovload, &ovlen);
2356 if (ov_noffset < 0) {
2357 printf("load of %s failed\n", uname);
2358 continue;
2359 }
2360 debug("%s loaded at 0x%08lx len=0x%08lx\n",
2361 uname, ovload, ovlen);
2362 ov = map_sysmem(ovload, ovlen);
2363
2364 base = map_sysmem(load, len + ovlen);
2365 err = fdt_open_into(base, base, len + ovlen);
2366 if (err < 0) {
2367 printf("failed on fdt_open_into\n");
2368 fdt_noffset = err;
2369 goto out;
2370 }
2371 /* the verbose method prints out messages on error */
2372 err = fdt_overlay_apply_verbose(base, ov);
2373 if (err < 0) {
2374 fdt_noffset = err;
2375 goto out;
2376 }
2377 fdt_pack(base);
2378 len = fdt_totalsize(base);
2379 }
2380 #else
2381 printf("config with overlays but CONFIG_OF_LIBFDT_OVERLAY not set\n");
2382 fdt_noffset = -EBADF;
2383 #endif
2384
2385 out:
2386 if (datap)
2387 *datap = load;
2388 if (lenp)
2389 *lenp = len;
2390 if (fit_unamep)
2391 *fit_unamep = fit_uname;
2392 if (fit_uname_configp)
2393 *fit_uname_configp = fit_uname_config;
2394
2395 if (fit_uname_config_copy)
2396 free(fit_uname_config_copy);
2397 return fdt_noffset;
2398 }
2399 #endif
2400