Commit Graph

100 Commits

Author SHA1 Message Date
George McCollister
f1ca1fdebf mkimage: Add support for signing with pkcs11
Add support for signing with the pkcs11 engine. This allows FIT images
to be signed with keys securely stored on a smartcard, hardware security
module, etc without exposing the keys.

Support for other engines can be added in the future by modifying
rsa_engine_get_pub_key() and rsa_engine_get_priv_key() to construct
correct key_id strings.

Signed-off-by: George McCollister <george.mccollister@gmail.com>
2017-01-14 16:47:13 -05:00
Sven Ebenfeld
d21bd69b6e tools: mkimage: add firmware-ivt image type for HAB verification
When we want to use Secure Boot with HAB from SPL over U-Boot.img,
we need to append the IVT to the image and leave space for the CSF.
Images generated as firmware_ivt can directly be signed using the
Freescale code signing tool. For creation of a CSF, mkimage outputs
the correct HAB Blocks for the image.
The changes to the usual firmware image class are quite small,
that is why I implemented that directly into the default_image.

Cc: sbabic@denx.de

v2-Changes: None

Signed-off-by: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Reviewed-by: George McCollister <george.mccollister@gmail.com>
Tested-by: George McCollister <george.mccollister@gmail.com>
2017-01-02 17:06:57 +01:00
Tomeu Vizoso
0f7c6cdc81 mkimage: Allow including a ramdisk in FIT auto mode
Adds -i option that allows specifying a ramdisk file to be added to the
FIT image when we are using the automatic FIT mode (no ITS file).

This makes adding Depthcharge support to LAVA much more convenient, as
no additional configuration files need to be kept around in the machine
that dispatches jobs to the boards.

Signed-off-by: Tomeu Vizoso <tomeu.vizoso@collabora.com>
Cc: Simon Glass <sjg@chromium.org>
Cc: Matt Hart <matthew.hart@linaro.org>
Cc: Neil Williams <codehelp@debian.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
2016-11-06 07:33:42 -05:00
Simon Glass
0cd82e255f mkimage: Fix missing free() in show_valid_options()
The allocated memory should be freed. Fix it.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Coverity (CID: 150963)
Reviewed-by: Tom Rini <trini@konsulko.com>
2016-10-31 10:13:18 -04:00
Vagrant Cascadian
82bd2f29ea Fix spelling of "occur".
Signed-off-by: Vagrant Cascadian <vagrant@debian.org>
Acked-by: Angelo Dureghello <angelo@sysam.it>
Reviewed-by: Simon Glass <sjg@chromium.org>
2016-10-31 10:13:16 -04:00
Karl Beldan
1b92aed253 mkimage: Fix argument parsing with signature comment
Inform getopt that '-c' requires a parameter.

Fixes: a02221f29d ("mkimage: Convert to use getopt()")
Signed-off-by: Karl Beldan <kbeldan@baylibre.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
2016-08-05 20:55:23 -04:00
Teddy Reed
b6fefa76d0 mkimage: fix missing break for -p switch
Signed-off-by: Teddy Reed <teddy.reed@gmail.com>
Reported-by: Coverity (CID: 150277)
Reviewed-by: Tom Rini <trini@konsulko.com>
2016-07-14 18:22:44 -04:00
Simon Glass
51f03e6a75 mkimage: Show item lists for all categories
Update the error-handling code for -A, -C and -O to show a list of valid
options when an invalid one is provided.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Vinoth Eswaran <evinoth1206@gmail.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
2016-07-14 18:22:31 -04:00
Simon Glass
f24e10500f mkimage: Use generic code for showing an 'image type' error
The existing error code only displays image types which are claimed by a
particular U_BOOT_IMAGE_TYPE() driver. But this does not seem correct. The
mkimage tool should support all image types, so it makes sense to allow
creation of images of any type with the tool.

When an incorrect image type is provided, use generic code to display the
error.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
2016-07-14 18:22:30 -04:00
Simon Glass
3066422512 mkimage: Allow display of a list of any image header category
Add a generic function which can display a list of items in any category.
This will allow displaying of images for the -A, -C, -O and -T flags. At
present only -T is supported.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
2016-07-14 18:22:30 -04:00
Simon Glass
58b2247542 mkimage: Drop blank line before main()
This is not needed. Drop it.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
2016-07-14 18:22:27 -04:00
Simon Glass
63ef31b9ef mkimage: Drop premature setting of params.fit_image_type
There is no need to set params.fit_image_type while parsing the arguments.
It is set up later anyway.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
2016-07-14 18:22:27 -04:00
Simon Glass
e324a92531 mkimage: Require a data file when auto-fit is used
When auto-fit is used, it is not valid to create a FIT without an image
file. Add a check for this to avoid a very confusing error message later
("Can't open (null): Bad address").

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
2016-07-14 18:22:27 -04:00
Simon Glass
3c23c0feac mkimage: Explain the auto-fit imagefile special case
There is a special case in the code when auto-fit is used. Add a comment to
make it easier to understand why this is needed.

Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Joe Hershberger <joe.hershberger@ni.com>
2016-07-14 18:22:26 -04:00
Simon Glass
20deaddd46 mkimage: Honour the default image type with auto-fit
The default image type is supposed to be IH_TYPE_KERNEL, as set in the
'params' variable. Honour this with auto-fit also.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
2016-07-14 18:22:26 -04:00
Teddy Reed
f8f9107d97 mkimage: fit: spl: Add an optional static offset for external data
When building a FIT with external data (-E), U-Boot proper may require
absolute positioning for executing the external firmware. To acheive this
use the (-p) switch, which will replace the amended 'data-offset' with
'data-position' indicating the absolute position of external data.

It is considered an error if the requested absolute position overlaps with the
initial data required for the compact FIT.

Signed-off-by: Teddy Reed <teddy.reed@gmail.com>
2016-06-24 17:23:06 -04:00
Simon Glass
bd6e142094 mkimage: Add a quiet mode
Some build systems want to be quiet unless there is a problem. At present
mkimage displays quite a bit of information when generating a FIT file. Add
a '-q' flag to silence this.

Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Joe Hershberger <joe.hershberger@ni.com>
2016-05-23 11:50:19 -04:00
Andreas Bießmann
8edeac86db mkimage: fix generation of FIT image
Commit 7a439cadcf broke generation of SPL
loadable FIT images (CONFIG_SPL_LOAD_FIT).
Fix it by removing the unnecessary storage of expected image type. This was a
left over of the previous implementation. It is not longer necessary since the
mkimage -b switch always has one parameter.

Tested-by: Lokesh Vutla <lokeshvutla@ti.com>
Signed-off-by: Andreas Bießmann <andreas@biessmann.org>
2016-05-03 11:28:18 -04:00
Andreas Bießmann
7a439cadcf mkimage: fix argument parsing on BSD systems
The getopt(3) optstring '-' is a GNU extension which is not available on BSD
systems like OS X.

Remove this dependency by implementing argument parsing in another way. This
will also change the lately introduced '-b' switch behaviour.

Signed-off-by: Andreas Bießmann <andreas.devel@googlemail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2016-05-02 18:37:09 -04:00
Simon Glass
722ebc8f84 mkimage: Support placing data outside the FIT
One limitation of FIT is that all the data is 'inline' within it, using a
'data' property in each image node. This means that to find out what is in
the FIT it is necessary to scan the entire file. Once loaded it can be
scanned and then the images can be copied to the correct place in memory.

In SPL it can take a significant amount of time to copy images around in
memory. Also loading data that does not end up being used is wasteful. It
would be useful if the FIT were small, acting as a directory, with the
actual data stored elsewhere.

This allows SPL to load the entire FIT, without the images, then load the
images it wants later.

Add a -E option to mkimage to request that it output an 'external' FIT.

Signed-off-by: Simon Glass <sjg@chromium.org>
2016-03-14 19:18:29 -04:00
Simon Glass
fb4cce0f98 mkimage: Support adding device tree files to a FIT
To make the auto-FIT feature useful we need to be able to provide a list of
device tree files on the command line for mkimage to add into the FIT. Add
support for this feature.

So far there is no support for hashing or verified boot using this method.
For those cases, a .its file must still be provided.

Signed-off-by: Simon Glass <sjg@chromium.org>
2016-03-14 19:18:29 -04:00
Simon Glass
8e35bb07eb mkimage: Support automatic creating of a FIT without a .its
At present, when generating a FIT, mkimage requires a .its file containing
the structure of the FIT and referring to the images to be included.

Creating the .its file is a separate step that makes it harder to use FIT.
This is not required for creating legacy images.

Often the FIT is pretty standard, consisting of an OS image, some device
tree files and a single configuration. We can handle this case automatically
and avoid needing a .its file at all.

To start with, support automatically generate the FIT using a new '-f auto'
option. Initially this only supports adding a single image (e.g. a linux
kernel) and a single configuration.

Signed-off-by: Simon Glass <sjg@chromium.org>
2016-03-14 19:18:28 -04:00
Simon Glass
d505a09c1e mkimage: Allow a FIT to include an image of any type
At present FIT images are set up by providing a device tree source file
which is a file with a .its extension. We want to support automatically
creating this file based on the image supplied to mkimage. This means that
even though the final file type is always IH_TYPE_FLATDT, the image inside
may be something else.

Signed-off-by: Simon Glass <sjg@chromium.org>
2016-03-14 19:18:27 -04:00
Simon Glass
cc7a64447b mkimage: Make 'params' static
This is not used outside mkimage.c, so make this variable static.

Signed-off-by: Simon Glass <sjg@chromium.org>
2016-03-14 14:19:11 -04:00
Simon Glass
1531034831 mkimage: Show an error message when usage() is called
Sometimes incorrect arguments are supplied but the reason is not obvious to
the user. Add some helpful messages.

Signed-off-by: Simon Glass <sjg@chromium.org>
2016-03-14 14:19:11 -04:00
Simon Glass
b0a487a4eb mkimage: Move usage() up to the top
To avoid a forward declaration, move the usage() function higher in the
file.

Signed-off-by: Simon Glass <sjg@chromium.org>
2016-03-14 14:19:11 -04:00
Simon Glass
0745008145 mkimage: Sort the option processing code by option
Adjust the code so that option alphabetical order matches the order in the
switch() statement. This makes it easier to find options.

Signed-off-by: Simon Glass <sjg@chromium.org>
2016-03-14 14:19:10 -04:00
Simon Glass
a02221f29d mkimage: Convert to use getopt()
The current way of parsing arguments is a bit clumsy. It seems better to
use getopt() which is commonly used for this purpose.

Convert the code to use getopt() and make a few minor adjustments as needed.

Signed-off-by: Simon Glass <sjg@chromium.org>
2016-03-14 14:19:07 -04:00
Simon Glass
0b443dee6b mkimage: Move argument processing into its own function
At present main() is very long. Split out the argument processing to make
it easier to follow.

Signed-off-by: Simon Glass <sjg@chromium.org>
2016-03-14 14:19:01 -04:00
William Cohen
c190fbd010 Gracefully handle 64-bit signed-extended 32-bit Load addresses
To follow the MIPS 32-bit and 64-bit memory map conventions (*) recent
MIPS Linux kernels are using a 64-bit sign extended value
(0xffffffff80010000) for the 32-bit load address (0x80010000) of the
Creator CI20 board kernel.  When this 64-bit argument was passed to
mkimage running on a 32-bit machine such as the Creator CI20 board the
load address was incorrectly formed from the upper 32-bit sign-extend
bits (0xffffffff) by the strtoul instead of from the lower 32-bits
(0x80010000).  The mkimage should be able to tolerate the longer
sign-extended 64-bit version of the 32-bit arguments with the use of
strtoull.  Use of the strtoll in place of the strtol in mkimage.c
resolves the issue of self hosted kernel builds for the Creator CI20
board (+) and (++).

(*) http://techpubs.sgi.com/library/dynaweb_docs/0620/SGI_Developer/books/DevDriver_PG/sgi_html/ch01.html
(+) https://github.com/MIPS/CI20_linux/issues/23
(++) https://github.com/MIPS/CI20_linux/issues/22

Signed-off-by: William Cohen <wcohen@redhat.com>
2016-02-24 18:43:58 -05:00
Marek Vasut
3463314125 mkimage: Fix warning from fix for generating multi and script images again
Seems 6ae6e160 broke creating images in certain cases, there
are two problems with that patch.

First is that the expression "!x == 4 || !x == 6" is ambiguous.  The
intention here was "!(x == 4) || !(x == 6)" based on reading further in
the file, where this was borrowed from.  This however is interpreted by
gcc as "(!x) == 4 || (!x) == 6" and always false.  gcc-5.x will warn
about this case.

The second problem is that we do not want to test for the case of "(NOT x
is 4) OR (NOT x is 6)" but instead "(x is not equal to 4) AND (x is not
equal to 6)".  This is because in those two cases we already execute the
code question in another part of the file.  Rewrite the expression and
add parenthesis for clarity.

Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Tom Rini <trini@konsulko.com>
Cc: Philippe De Swert <philippedeswert@gmail.com>
Cc: Simon Glass <sjg@chromium.org>
[trini: Re-word Marek's explanation]
2015-12-07 13:28:09 -05:00
Philippe De Swert
6ae6e16005 mkimage : Fix generating multi and script images
Seems 92a655c3 broke creating multi and script type images.
Since the file1:file2:file3 string does not get split up,
it fails on trying to open an non-existing file.

mkimage -A arm -O linux -T multi -C none -d zImage:splash.bmp:device.dtb uimage
tools/mkimage: Can't open zImage:splash.bmp:device.dtb: No such file or directory

Since the sizes of the different parts seem to get added in the actual
routine that handles multi and script type images, we can probably skip the
bit of the code that causes the failure for that type of images.

Signed-off-by: Philippe De Swert <philippedeswert@gmail.com>
2015-12-05 18:22:35 -05:00
Tom Rini
354973076a tools/mkimage.c: Clarify help text for -D slightly
Try and make it clear that -D will replace all arguments passed to dtc
and is not appending them.

Signed-off-by: Tom Rini <trini@konsulko.com>
2015-10-11 17:12:11 -04:00
Simon Glass
424b86ae59 mkimage: Allow padding to any length
At present there is an arbitrary limit of 4KB for padding. Rockchip needs
more than that, so remove this restriction.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Joe Hershberger <joe.hershberger@ni.com>
2015-09-02 21:28:23 -06:00
Simon Glass
92a655c326 mkimage: Set up a file size parameter and keep it updated
Some functions called by mkimage would like to know the output file size.
Initially this is the same as the input file size, but it may be affected by
adding headers, etc.

Add this information to the image parameters.

Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Joe Hershberger <joe.hershberger@ni.com>
2015-07-21 17:39:29 -06:00
Simon Glass
5b9d44df23 mkimage: Display a better list of available image types
Offer to display the available image types in help. Also, rather than
hacking the genimg_get_type_id() function to display a list of types,
do this in the tool. Also, sort the list.

The list of image types is quite long, and hard to discover. Print it out
when we show help information.

Signed-off-by: Simon Glass <sjg@chromium.org>
2015-07-21 17:39:20 -06:00
Guilherme Maciel Ferreira
f41f5b7c05 dumpimage: add 'T' option to explicitly set the image type
Some image types, like "KeyStone GP", do not have magic numbers to
distinguish them from other image types. Thus, the automatic image
type discovery does not work correctly.

This patch also fix some integer type mismatches.

Signed-off-by: Guilherme Maciel Ferreira <guilherme.maciel.ferreira@gmail.com>
2015-01-29 13:38:41 -05:00
Guilherme Maciel Ferreira
a93648d197 imagetool: replace image registration function by linker_lists feature
The registration was introduced in commit f86ed6a8d5

This commit also removes all registration functions, and the member "next"
from image_type_params struct

Signed-off-by: Guilherme Maciel Ferreira <guilherme.maciel.ferreira@gmail.com>
2015-01-29 13:38:41 -05:00
Guilherme Maciel Ferreira
0ca6691c2e imagetool: move common code to imagetool module
The get_type() and verify_print_header() functions have the
same code on both dumpimage.c and mkimage.c modules.

Signed-off-by: Guilherme Maciel Ferreira <guilherme.maciel.ferreira@gmail.com>
2015-01-29 13:38:41 -05:00
Luka Perkov
31cbe80c33 mkimage: fix compilation issues on OpenBSD
Signed-off-by: Luka Perkov <luka@openwrt.org>
2014-08-14 11:48:11 +02:00
Guilherme Maciel Ferreira
f86ed6a8d5 tools: moved code common to all image tools to a separated module.
In order to avoid duplicating code and keep only one point of modification,
the functions, structs and defines useful for "dumpimage" were moved from
"mkimage" to a common module called "imagetool".

This modification also weakens the coupling between image types (FIT, IMX, MXS,
and so on) and image tools (mkimage and dumpimage). Any tool may initialize the
"imagetool" through register_image_tool() function, while the image types
register themselves within an image tool using the register_image_type()
function:

                                                      +---------------+
                                               +------|   fit_image   |
 +--------------+          +-----------+       |      +---------------+
 |    mkimage   |--------> |           | <-----+
 +--------------+          |           |              +---------------+
                           | imagetool | <------------|    imximage   |
 +--------------+          |           |              +---------------+
 |  dumpimage   |--------> |           | <-----+
 +--------------+          +-----------+       |      +---------------+
                                               +------| default_image |
                                                      +---------------+

          register_image_tool()           register_image_type()

Also, the struct "mkimage_params" was renamed to "image_tool_params" to make
clear its general purpose.

Signed-off-by: Guilherme Maciel Ferreira <guilherme.maciel.ferreira@gmail.com>
Signed-off-by: Simon Glass <sjg@chromium.org>
2013-12-13 09:15:32 -05:00
Guilherme Maciel Ferreira
f1cc458cf3 mkimage: added 'static' specifier to match function's prototype.
This function should be declared static.

Signed-off-by: Guilherme Maciel Ferreira <guilherme.maciel.ferreira@gmail.com>
Signed-off-by: Simon Glass <sjg@chromium.org>
2013-12-13 09:15:32 -05:00
Marek Vasut
bce8837071 ARM: mxs: tools: Add mkimage support for MXS bootstream
Add mkimage support for generating and verifying MXS bootstream.
The implementation here is mostly a glue code between MXSSB v0.4
and mkimage, but the long-term goal is to rectify this and merge
MXSSB with mkimage more tightly. Once this code is properly in
U-Boot, MXSSB shall be deprecated in favor of mkimage-mxsimage
support.

Note that the mxsimage generator needs libcrypto from OpenSSL, I
therefore enabled the libcrypto/libssl unconditionally.

MXSSB: http://git.denx.de/?p=mxssb.git;a=summary

The code is based on research presented at:
http://www.rockbox.org/wiki/SbFileFormat

Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Tom Rini <trini@ti.com>
Cc: Fabio Estevam <fabio.estevam@freescale.com>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Otavio Salvador <otavio@ossystems.com.br>
2013-08-31 15:26:52 +02:00
Stefano Babic
9bac0bb374 tools: add variable padding of data image in mkimage
Use previously unused return value of function vrec_header
to return a padding size to generic mkimage. This padding
size is used in copy_files to pad with zeros after copying
the data image.

Signed-off-by: Stefano Babic <sbabic@denx.de>
2013-08-31 15:06:29 +02:00
Wolfgang Denk
1a4596601f Add GPL-2.0+ SPDX-License-Identifier to source files
Signed-off-by: Wolfgang Denk <wd@denx.de>
[trini: Fixup common/cmd_io.c]
Signed-off-by: Tom Rini <trini@ti.com>
2013-07-24 09:44:38 -04:00
Simon Glass
399c744b22 mkimage: Add -r option to specify keys that must be verified
Normally, multiple public keys can be provided and U-Boot is not
required to use all of them for verification. This is because some
images may not be signed, or may be optionally signed.

But we still need a mechanism to determine when a key must be used.
This feature cannot be implemented in the FIT itself, since anyone
could change it to mark a key as optional. The requirement for
key verification must go in with the public keys, in a place that
is protected from modification.

Add a -r option which tells mkimage to mark all keys that it uses
for signing as 'required'.

If some keys are optional and some are required, run mkimage several
times (perhaps with different key directories if some keys are very
secret) using the -F flag to update an existing FIT.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Marek Vasut <marex@denx.de>
2013-06-26 10:18:56 -04:00
Simon Glass
4f61042701 mkimage: Add -c option to specify a comment for key signing
When signing an image, it is useful to add some details about which tool
or person is authorising the signing. Add a comment field which can take
care of miscellaneous requirements.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Marek Vasut <marex@denx.de>
2013-06-26 10:18:56 -04:00
Simon Glass
95d77b4479 mkimage: Add -F option to modify an existing .fit file
When signing images it is sometimes necessary to sign with different keys
at different times, or make the signer entirely separate from the FIT
creation to avoid needing the private keys to be publicly available in
the system.

Add a -F option so that key signing can be a separate step, and possibly
done multiple times as different keys are avaiable.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Marek Vasut <marex@denx.de>
2013-06-26 10:18:56 -04:00
Simon Glass
e29495d37f mkimage: Add -K to write public keys to an FDT blob
FIT image verification requires public keys. Add a convenient option to
mkimage to write the public keys to an FDT blob when it uses then for
signing an image. This allows us to use:

   mkimage -f test.its -K dest.dtb -k keys test.fit

and have the signatures written to test.fit and the corresponding public
keys written to dest.dtb. Then dest.dtb can be used as the control FDT
for U-Boot (CONFIG_OF_CONTROL), thus providing U-Boot with access to the
public keys it needs.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Marek Vasut <marex@denx.de>
2013-06-26 10:18:56 -04:00
Simon Glass
80e4df8ac6 mkimage: Add -k option to specify key directory
Keys required for signing images will be in a specific directory. Add a
-k option to specify that directory.

Also update the mkimage man page with this information and a clearer list
of available commands.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Marek Vasut <marex@denx.de> (v1)
2013-06-26 10:18:56 -04:00