mirror of
https://github.com/brain-hackers/u-boot-brain
synced 2024-07-06 03:06:16 +09:00
03f1f78a9b
Fit images were loaded to a buffer provided by spl_get_load_buffer().
This may work when the FIT image is small and fits between the start
of DRAM and SYS_TEXT_BASE.
One problem with this approach is that the location of the buffer may
be manipulated by changing the 'size' field of the FIT. A maliciously
crafted FIT image could place the buffer over executable code and be
able to take control of SPL. This is unacceptable for secure boot of
signed FIT images.
Another problem is with larger FIT images, usually containing one or
more linux kernels. In such cases the buffer be be large enough so as
to start before DRAM (Figure I). Trying to load an image in this case
has undefined behavior.
For example, on stm32mp1, the MMC controller hits a RX overrun error,
and aborts loading.
_________________
| FIT Image |
| |
/===================\ /=====================\
|| DRAM || | DRAM |
|| || | |
||_________________|| SYS_TEXT_BASE | ___________________ |
| | || FIT Image ||
| | || ||
| _________________ | SYS_SPL_MALLOC_START || _________________ ||
|| malloc() data || ||| malloc() data |||
||_________________|| |||_________________|||
| | ||___________________||
| | | |
Figure I Figure II
One possibility that was analyzed was to remove the negative offset,
such that the buffer starts at SYS_TEXT_BASE. This is not a proper
solution because on a number of platforms, the malloc buffer() is
placed at a fixed address, usually after SYS_TEXT_BASE. A large
enough FIT image could cause the malloc()'d data to be overwritten
(Figure II) when loading.
/======================\
| DRAM |
| |
| | CONFIG_SYS_TEXT_BASE
| |
| |
| ____________________ | CONFIG_SYS_SPL_MALLOC_START
|| malloc() data ||
|| ||
|| __________________ ||
||| FIT Image |||
||| |||
||| |||
Figure III
The solution proposed here is to replace the ad-hoc heuristics of
spl_get_load_buffer() with malloc(). This provides two advantages:
* Bounds checking of the buffer region
* Guarantees the buffer does not conflict with other memory
The first problem is solved by constraining the buffer such that it
will not overlap currently executing code. This eliminates the chance
of a malicious FIT being able to replace the executing SPL code prior
to signature checking.
The second problem is solved in conjunction with increasing
CONFIG_SYS_SPL_MALLOC_SIZE. Since the SPL malloc() region is
carefully crafted on a per-platform basis, the chances of memory
conflicts are virtually eliminated.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
730 lines
19 KiB
C
730 lines
19 KiB
C
// SPDX-License-Identifier: GPL-2.0+
|
|
/*
|
|
* Copyright (C) 2016 Google, Inc
|
|
* Written by Simon Glass <sjg@chromium.org>
|
|
*/
|
|
|
|
#include <common.h>
|
|
#include <errno.h>
|
|
#include <fpga.h>
|
|
#include <gzip.h>
|
|
#include <image.h>
|
|
#include <log.h>
|
|
#include <malloc.h>
|
|
#include <spl.h>
|
|
#include <sysinfo.h>
|
|
#include <asm/cache.h>
|
|
#include <linux/libfdt.h>
|
|
|
|
DECLARE_GLOBAL_DATA_PTR;
|
|
|
|
#ifndef CONFIG_SPL_LOAD_FIT_APPLY_OVERLAY_BUF_SZ
|
|
#define CONFIG_SPL_LOAD_FIT_APPLY_OVERLAY_BUF_SZ (64 * 1024)
|
|
#endif
|
|
|
|
#ifndef CONFIG_SYS_BOOTM_LEN
|
|
#define CONFIG_SYS_BOOTM_LEN (64 << 20)
|
|
#endif
|
|
|
|
__weak void board_spl_fit_post_load(ulong load_addr, size_t length)
|
|
{
|
|
}
|
|
|
|
__weak ulong board_spl_fit_size_align(ulong size)
|
|
{
|
|
return size;
|
|
}
|
|
|
|
static int find_node_from_desc(const void *fit, int node, const char *str)
|
|
{
|
|
int child;
|
|
|
|
if (node < 0)
|
|
return -EINVAL;
|
|
|
|
/* iterate the FIT nodes and find a matching description */
|
|
for (child = fdt_first_subnode(fit, node); child >= 0;
|
|
child = fdt_next_subnode(fit, child)) {
|
|
int len;
|
|
const char *desc = fdt_getprop(fit, child, "description", &len);
|
|
|
|
if (!desc)
|
|
continue;
|
|
|
|
if (!strcmp(desc, str))
|
|
return child;
|
|
}
|
|
|
|
return -ENOENT;
|
|
}
|
|
|
|
/**
|
|
* spl_fit_get_image_name(): By using the matching configuration subnode,
|
|
* retrieve the name of an image, specified by a property name and an index
|
|
* into that.
|
|
* @fit: Pointer to the FDT blob.
|
|
* @images: Offset of the /images subnode.
|
|
* @type: Name of the property within the configuration subnode.
|
|
* @index: Index into the list of strings in this property.
|
|
* @outname: Name of the image
|
|
*
|
|
* Return: 0 on success, or a negative error number
|
|
*/
|
|
static int spl_fit_get_image_name(const void *fit, int images,
|
|
const char *type, int index,
|
|
const char **outname)
|
|
{
|
|
struct udevice *sysinfo;
|
|
const char *name, *str;
|
|
__maybe_unused int node;
|
|
int conf_node;
|
|
int len, i;
|
|
bool found = true;
|
|
|
|
conf_node = fit_find_config_node(fit);
|
|
if (conf_node < 0) {
|
|
#ifdef CONFIG_SPL_LIBCOMMON_SUPPORT
|
|
printf("No matching DT out of these options:\n");
|
|
for (node = fdt_first_subnode(fit, conf_node);
|
|
node >= 0;
|
|
node = fdt_next_subnode(fit, node)) {
|
|
name = fdt_getprop(fit, node, "description", &len);
|
|
printf(" %s\n", name);
|
|
}
|
|
#endif
|
|
return conf_node;
|
|
}
|
|
|
|
name = fdt_getprop(fit, conf_node, type, &len);
|
|
if (!name) {
|
|
debug("cannot find property '%s': %d\n", type, len);
|
|
return -EINVAL;
|
|
}
|
|
|
|
str = name;
|
|
for (i = 0; i < index; i++) {
|
|
str = strchr(str, '\0') + 1;
|
|
if (!str || (str - name >= len)) {
|
|
found = false;
|
|
break;
|
|
}
|
|
}
|
|
|
|
if (!found && CONFIG_IS_ENABLED(SYSINFO) && !sysinfo_get(&sysinfo)) {
|
|
int rc;
|
|
/*
|
|
* no string in the property for this index. Check if the
|
|
* sysinfo-level code can supply one.
|
|
*/
|
|
rc = sysinfo_get_fit_loadable(sysinfo, index - i - 1, type,
|
|
&str);
|
|
if (rc && rc != -ENOENT)
|
|
return rc;
|
|
|
|
if (!rc) {
|
|
/*
|
|
* The sysinfo provided a name for a loadable.
|
|
* Try to match it against the description properties
|
|
* first. If no matching node is found, use it as a
|
|
* node name.
|
|
*/
|
|
int node;
|
|
int images = fdt_path_offset(fit, FIT_IMAGES_PATH);
|
|
|
|
node = find_node_from_desc(fit, images, str);
|
|
if (node > 0)
|
|
str = fdt_get_name(fit, node, NULL);
|
|
|
|
found = true;
|
|
}
|
|
}
|
|
|
|
if (!found) {
|
|
debug("no string for index %d\n", index);
|
|
return -E2BIG;
|
|
}
|
|
|
|
*outname = str;
|
|
return 0;
|
|
}
|
|
|
|
/**
|
|
* spl_fit_get_image_node(): By using the matching configuration subnode,
|
|
* retrieve the name of an image, specified by a property name and an index
|
|
* into that.
|
|
* @fit: Pointer to the FDT blob.
|
|
* @images: Offset of the /images subnode.
|
|
* @type: Name of the property within the configuration subnode.
|
|
* @index: Index into the list of strings in this property.
|
|
*
|
|
* Return: the node offset of the respective image node or a negative
|
|
* error number.
|
|
*/
|
|
static int spl_fit_get_image_node(const void *fit, int images,
|
|
const char *type, int index)
|
|
{
|
|
const char *str;
|
|
int err;
|
|
int node;
|
|
|
|
err = spl_fit_get_image_name(fit, images, type, index, &str);
|
|
if (err)
|
|
return err;
|
|
|
|
debug("%s: '%s'\n", type, str);
|
|
|
|
node = fdt_subnode_offset(fit, images, str);
|
|
if (node < 0) {
|
|
pr_err("cannot find image node '%s': %d\n", str, node);
|
|
return -EINVAL;
|
|
}
|
|
|
|
return node;
|
|
}
|
|
|
|
static int get_aligned_image_offset(struct spl_load_info *info, int offset)
|
|
{
|
|
/*
|
|
* If it is a FS read, get the first address before offset which is
|
|
* aligned to ARCH_DMA_MINALIGN. If it is raw read return the
|
|
* block number to which offset belongs.
|
|
*/
|
|
if (info->filename)
|
|
return offset & ~(ARCH_DMA_MINALIGN - 1);
|
|
|
|
return offset / info->bl_len;
|
|
}
|
|
|
|
static int get_aligned_image_overhead(struct spl_load_info *info, int offset)
|
|
{
|
|
/*
|
|
* If it is a FS read, get the difference between the offset and
|
|
* the first address before offset which is aligned to
|
|
* ARCH_DMA_MINALIGN. If it is raw read return the offset within the
|
|
* block.
|
|
*/
|
|
if (info->filename)
|
|
return offset & (ARCH_DMA_MINALIGN - 1);
|
|
|
|
return offset % info->bl_len;
|
|
}
|
|
|
|
static int get_aligned_image_size(struct spl_load_info *info, int data_size,
|
|
int offset)
|
|
{
|
|
data_size = data_size + get_aligned_image_overhead(info, offset);
|
|
|
|
if (info->filename)
|
|
return data_size;
|
|
|
|
return (data_size + info->bl_len - 1) / info->bl_len;
|
|
}
|
|
|
|
/**
|
|
* spl_load_fit_image(): load the image described in a certain FIT node
|
|
* @info: points to information about the device to load data from
|
|
* @sector: the start sector of the FIT image on the device
|
|
* @fit: points to the flattened device tree blob describing the FIT
|
|
* image
|
|
* @base_offset: the beginning of the data area containing the actual
|
|
* image data, relative to the beginning of the FIT
|
|
* @node: offset of the DT node describing the image to load (relative
|
|
* to @fit)
|
|
* @image_info: will be filled with information about the loaded image
|
|
* If the FIT node does not contain a "load" (address) property,
|
|
* the image gets loaded to the address pointed to by the
|
|
* load_addr member in this struct.
|
|
*
|
|
* Return: 0 on success or a negative error number.
|
|
*/
|
|
static int spl_load_fit_image(struct spl_load_info *info, ulong sector,
|
|
void *fit, ulong base_offset, int node,
|
|
struct spl_image_info *image_info)
|
|
{
|
|
int offset;
|
|
size_t length;
|
|
int len;
|
|
ulong size;
|
|
ulong load_addr, load_ptr;
|
|
void *src;
|
|
ulong overhead;
|
|
int nr_sectors;
|
|
int align_len = ARCH_DMA_MINALIGN - 1;
|
|
uint8_t image_comp = -1, type = -1;
|
|
const void *data;
|
|
bool external_data = false;
|
|
|
|
if (IS_ENABLED(CONFIG_SPL_FPGA) ||
|
|
(IS_ENABLED(CONFIG_SPL_OS_BOOT) && IS_ENABLED(CONFIG_SPL_GZIP))) {
|
|
if (fit_image_get_type(fit, node, &type))
|
|
puts("Cannot get image type.\n");
|
|
else
|
|
debug("%s ", genimg_get_type_name(type));
|
|
}
|
|
|
|
if (IS_ENABLED(CONFIG_SPL_GZIP)) {
|
|
fit_image_get_comp(fit, node, &image_comp);
|
|
debug("%s ", genimg_get_comp_name(image_comp));
|
|
}
|
|
|
|
if (fit_image_get_load(fit, node, &load_addr))
|
|
load_addr = image_info->load_addr;
|
|
|
|
if (!fit_image_get_data_position(fit, node, &offset)) {
|
|
external_data = true;
|
|
} else if (!fit_image_get_data_offset(fit, node, &offset)) {
|
|
offset += base_offset;
|
|
external_data = true;
|
|
}
|
|
|
|
if (external_data) {
|
|
/* External data */
|
|
if (fit_image_get_data_size(fit, node, &len))
|
|
return -ENOENT;
|
|
|
|
load_ptr = (load_addr + align_len) & ~align_len;
|
|
length = len;
|
|
|
|
overhead = get_aligned_image_overhead(info, offset);
|
|
nr_sectors = get_aligned_image_size(info, length, offset);
|
|
|
|
if (info->read(info,
|
|
sector + get_aligned_image_offset(info, offset),
|
|
nr_sectors, (void *)load_ptr) != nr_sectors)
|
|
return -EIO;
|
|
|
|
debug("External data: dst=%lx, offset=%x, size=%lx\n",
|
|
load_ptr, offset, (unsigned long)length);
|
|
src = (void *)load_ptr + overhead;
|
|
} else {
|
|
/* Embedded data */
|
|
if (fit_image_get_data(fit, node, &data, &length)) {
|
|
puts("Cannot get image data/size\n");
|
|
return -ENOENT;
|
|
}
|
|
debug("Embedded data: dst=%lx, size=%lx\n", load_addr,
|
|
(unsigned long)length);
|
|
src = (void *)data;
|
|
}
|
|
|
|
#ifdef CONFIG_SPL_FIT_SIGNATURE
|
|
printf("## Checking hash(es) for Image %s ... ",
|
|
fit_get_name(fit, node, NULL));
|
|
if (!fit_image_verify_with_data(fit, node,
|
|
src, length))
|
|
return -EPERM;
|
|
puts("OK\n");
|
|
#endif
|
|
|
|
#ifdef CONFIG_SPL_FIT_IMAGE_POST_PROCESS
|
|
board_fit_image_post_process(&src, &length);
|
|
#endif
|
|
|
|
if (IS_ENABLED(CONFIG_SPL_GZIP) && image_comp == IH_COMP_GZIP) {
|
|
size = length;
|
|
if (gunzip((void *)load_addr, CONFIG_SYS_BOOTM_LEN,
|
|
src, &size)) {
|
|
puts("Uncompressing error\n");
|
|
return -EIO;
|
|
}
|
|
length = size;
|
|
} else {
|
|
memcpy((void *)load_addr, src, length);
|
|
}
|
|
|
|
if (image_info) {
|
|
ulong entry_point;
|
|
|
|
image_info->load_addr = load_addr;
|
|
image_info->size = length;
|
|
|
|
if (!fit_image_get_entry(fit, node, &entry_point))
|
|
image_info->entry_point = entry_point;
|
|
else
|
|
image_info->entry_point = FDT_ERROR;
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
static int spl_fit_append_fdt(struct spl_image_info *spl_image,
|
|
struct spl_load_info *info, ulong sector,
|
|
void *fit, int images, ulong base_offset)
|
|
{
|
|
struct spl_image_info image_info;
|
|
int node, ret = 0, index = 0;
|
|
|
|
/*
|
|
* Use the address following the image as target address for the
|
|
* device tree.
|
|
*/
|
|
image_info.load_addr = spl_image->load_addr + spl_image->size;
|
|
|
|
/* Figure out which device tree the board wants to use */
|
|
node = spl_fit_get_image_node(fit, images, FIT_FDT_PROP, index++);
|
|
if (node < 0) {
|
|
debug("%s: cannot find FDT node\n", __func__);
|
|
|
|
/*
|
|
* U-Boot did not find a device tree inside the FIT image. Use
|
|
* the U-Boot device tree instead.
|
|
*/
|
|
if (gd->fdt_blob)
|
|
memcpy((void *)image_info.load_addr, gd->fdt_blob,
|
|
fdt_totalsize(gd->fdt_blob));
|
|
else
|
|
return node;
|
|
} else {
|
|
ret = spl_load_fit_image(info, sector, fit, base_offset, node,
|
|
&image_info);
|
|
if (ret < 0)
|
|
return ret;
|
|
}
|
|
|
|
/* Make the load-address of the FDT available for the SPL framework */
|
|
spl_image->fdt_addr = (void *)image_info.load_addr;
|
|
#if !CONFIG_IS_ENABLED(FIT_IMAGE_TINY)
|
|
if (CONFIG_IS_ENABLED(LOAD_FIT_APPLY_OVERLAY)) {
|
|
void *tmpbuffer = NULL;
|
|
|
|
for (; ; index++) {
|
|
node = spl_fit_get_image_node(fit, images, FIT_FDT_PROP,
|
|
index);
|
|
if (node == -E2BIG) {
|
|
debug("%s: No additional FDT node\n", __func__);
|
|
break;
|
|
} else if (node < 0) {
|
|
debug("%s: unable to find FDT node %d\n",
|
|
__func__, index);
|
|
continue;
|
|
}
|
|
|
|
if (!tmpbuffer) {
|
|
/*
|
|
* allocate memory to store the DT overlay
|
|
* before it is applied. It may not be used
|
|
* depending on how the overlay is stored, so
|
|
* don't fail yet if the allocation failed.
|
|
*/
|
|
tmpbuffer = malloc(CONFIG_SPL_LOAD_FIT_APPLY_OVERLAY_BUF_SZ);
|
|
if (!tmpbuffer)
|
|
debug("%s: unable to allocate space for overlays\n",
|
|
__func__);
|
|
}
|
|
image_info.load_addr = (ulong)tmpbuffer;
|
|
ret = spl_load_fit_image(info, sector, fit, base_offset,
|
|
node, &image_info);
|
|
if (ret < 0)
|
|
break;
|
|
|
|
/* Make room in FDT for changes from the overlay */
|
|
ret = fdt_increase_size(spl_image->fdt_addr,
|
|
image_info.size);
|
|
if (ret < 0)
|
|
break;
|
|
|
|
ret = fdt_overlay_apply_verbose(spl_image->fdt_addr,
|
|
(void *)image_info.load_addr);
|
|
if (ret) {
|
|
pr_err("failed to apply DT overlay %s\n",
|
|
fit_get_name(fit, node, NULL));
|
|
break;
|
|
}
|
|
|
|
debug("%s: DT overlay %s applied\n", __func__,
|
|
fit_get_name(fit, node, NULL));
|
|
}
|
|
free(tmpbuffer);
|
|
if (ret)
|
|
return ret;
|
|
}
|
|
/* Try to make space, so we can inject details on the loadables */
|
|
ret = fdt_shrink_to_minimum(spl_image->fdt_addr, 8192);
|
|
if (ret < 0)
|
|
return ret;
|
|
#endif
|
|
|
|
return ret;
|
|
}
|
|
|
|
static int spl_fit_record_loadable(const void *fit, int images, int index,
|
|
void *blob, struct spl_image_info *image)
|
|
{
|
|
int ret = 0;
|
|
#if !CONFIG_IS_ENABLED(FIT_IMAGE_TINY)
|
|
const char *name;
|
|
int node;
|
|
|
|
ret = spl_fit_get_image_name(fit, images, "loadables",
|
|
index, &name);
|
|
if (ret < 0)
|
|
return ret;
|
|
|
|
node = spl_fit_get_image_node(fit, images, "loadables", index);
|
|
|
|
ret = fdt_record_loadable(blob, index, name, image->load_addr,
|
|
image->size, image->entry_point,
|
|
fdt_getprop(fit, node, "type", NULL),
|
|
fdt_getprop(fit, node, "os", NULL));
|
|
#endif
|
|
return ret;
|
|
}
|
|
|
|
static int spl_fit_image_get_os(const void *fit, int noffset, uint8_t *os)
|
|
{
|
|
#if CONFIG_IS_ENABLED(FIT_IMAGE_TINY) && !defined(CONFIG_SPL_OS_BOOT)
|
|
const char *name = fdt_getprop(fit, noffset, FIT_OS_PROP, NULL);
|
|
|
|
if (!name)
|
|
return -ENOENT;
|
|
|
|
/*
|
|
* We don't care what the type of the image actually is,
|
|
* only whether or not it is U-Boot. This saves some
|
|
* space by omitting the large table of OS types.
|
|
*/
|
|
if (!strcmp(name, "u-boot"))
|
|
*os = IH_OS_U_BOOT;
|
|
else
|
|
*os = IH_OS_INVALID;
|
|
|
|
return 0;
|
|
#else
|
|
return fit_image_get_os(fit, noffset, os);
|
|
#endif
|
|
}
|
|
|
|
/*
|
|
* The purpose of the FIT load buffer is to provide a memory location that is
|
|
* independent of the load address of any FIT component.
|
|
*/
|
|
static void *spl_get_fit_load_buffer(size_t size)
|
|
{
|
|
void *buf;
|
|
|
|
buf = malloc(size);
|
|
if (!buf) {
|
|
pr_err("Could not get FIT buffer of %lu bytes\n", (ulong)size);
|
|
pr_err("\tcheck CONFIG_SYS_SPL_MALLOC_SIZE\n");
|
|
buf = spl_get_load_buffer(0, size);
|
|
}
|
|
return buf;
|
|
}
|
|
|
|
/*
|
|
* Weak default function to allow customizing SPL fit loading for load-only
|
|
* use cases by allowing to skip the parsing/processing of the FIT contents
|
|
* (so that this can be done separately in a more customized fashion)
|
|
*/
|
|
__weak bool spl_load_simple_fit_skip_processing(void)
|
|
{
|
|
return false;
|
|
}
|
|
|
|
int spl_load_simple_fit(struct spl_image_info *spl_image,
|
|
struct spl_load_info *info, ulong sector, void *fit)
|
|
{
|
|
int sectors;
|
|
ulong size, hsize;
|
|
unsigned long count;
|
|
struct spl_image_info image_info;
|
|
int node = -1;
|
|
int images, ret;
|
|
int base_offset;
|
|
int index = 0;
|
|
int firmware_node;
|
|
|
|
/*
|
|
* For FIT with external data, figure out where the external images
|
|
* start. This is the base for the data-offset properties in each
|
|
* image.
|
|
*/
|
|
size = fdt_totalsize(fit);
|
|
size = (size + 3) & ~3;
|
|
size = board_spl_fit_size_align(size);
|
|
base_offset = (size + 3) & ~3;
|
|
|
|
/*
|
|
* So far we only have one block of data from the FIT. Read the entire
|
|
* thing, including that first block.
|
|
*
|
|
* For FIT with data embedded, data is loaded as part of FIT image.
|
|
* For FIT with external data, data is not loaded in this step.
|
|
*/
|
|
sectors = get_aligned_image_size(info, size, 0);
|
|
hsize = sectors * info->bl_len;
|
|
fit = spl_get_fit_load_buffer(hsize);
|
|
count = info->read(info, sector, sectors, fit);
|
|
debug("fit read sector %lx, sectors=%d, dst=%p, count=%lu, size=0x%lx\n",
|
|
sector, sectors, fit, count, size);
|
|
|
|
if (count == 0)
|
|
return -EIO;
|
|
|
|
/* skip further processing if requested to enable load-only use cases */
|
|
if (spl_load_simple_fit_skip_processing())
|
|
return 0;
|
|
|
|
if (IS_ENABLED(CONFIG_SPL_FIT_SIGNATURE)) {
|
|
int conf_offset = fit_find_config_node(fit);
|
|
|
|
printf("## Checking hash(es) for config %s ... ",
|
|
fit_get_name(fit, conf_offset, NULL));
|
|
if (fit_config_verify(fit, conf_offset))
|
|
return -EPERM;
|
|
puts("OK\n");
|
|
}
|
|
|
|
/* find the node holding the images information */
|
|
images = fdt_path_offset(fit, FIT_IMAGES_PATH);
|
|
if (images < 0) {
|
|
debug("%s: Cannot find /images node: %d\n", __func__, images);
|
|
return -1;
|
|
}
|
|
|
|
#ifdef CONFIG_SPL_FPGA
|
|
node = spl_fit_get_image_node(fit, images, "fpga", 0);
|
|
if (node >= 0) {
|
|
/* Load the image and set up the spl_image structure */
|
|
ret = spl_load_fit_image(info, sector, fit, base_offset, node,
|
|
spl_image);
|
|
if (ret) {
|
|
printf("%s: Cannot load the FPGA: %i\n", __func__, ret);
|
|
return ret;
|
|
}
|
|
|
|
debug("FPGA bitstream at: %x, size: %x\n",
|
|
(u32)spl_image->load_addr, spl_image->size);
|
|
|
|
ret = fpga_load(0, (const void *)spl_image->load_addr,
|
|
spl_image->size, BIT_FULL);
|
|
if (ret) {
|
|
printf("%s: Cannot load the image to the FPGA\n",
|
|
__func__);
|
|
return ret;
|
|
}
|
|
|
|
puts("FPGA image loaded from FIT\n");
|
|
node = -1;
|
|
}
|
|
#endif
|
|
|
|
/*
|
|
* Find the U-Boot image using the following search order:
|
|
* - start at 'firmware' (e.g. an ARM Trusted Firmware)
|
|
* - fall back 'kernel' (e.g. a Falcon-mode OS boot
|
|
* - fall back to using the first 'loadables' entry
|
|
*/
|
|
if (node < 0)
|
|
node = spl_fit_get_image_node(fit, images, FIT_FIRMWARE_PROP,
|
|
0);
|
|
#ifdef CONFIG_SPL_OS_BOOT
|
|
if (node < 0)
|
|
node = spl_fit_get_image_node(fit, images, FIT_KERNEL_PROP, 0);
|
|
#endif
|
|
if (node < 0) {
|
|
debug("could not find firmware image, trying loadables...\n");
|
|
node = spl_fit_get_image_node(fit, images, "loadables", 0);
|
|
/*
|
|
* If we pick the U-Boot image from "loadables", start at
|
|
* the second image when later loading additional images.
|
|
*/
|
|
index = 1;
|
|
}
|
|
if (node < 0) {
|
|
debug("%s: Cannot find u-boot image node: %d\n",
|
|
__func__, node);
|
|
return -1;
|
|
}
|
|
|
|
/* Load the image and set up the spl_image structure */
|
|
ret = spl_load_fit_image(info, sector, fit, base_offset, node,
|
|
spl_image);
|
|
if (ret)
|
|
return ret;
|
|
|
|
/*
|
|
* For backward compatibility, we treat the first node that is
|
|
* as a U-Boot image, if no OS-type has been declared.
|
|
*/
|
|
if (!spl_fit_image_get_os(fit, node, &spl_image->os))
|
|
debug("Image OS is %s\n", genimg_get_os_name(spl_image->os));
|
|
#if !defined(CONFIG_SPL_OS_BOOT)
|
|
else
|
|
spl_image->os = IH_OS_U_BOOT;
|
|
#endif
|
|
|
|
/*
|
|
* Booting a next-stage U-Boot may require us to append the FDT.
|
|
* We allow this to fail, as the U-Boot image might embed its FDT.
|
|
*/
|
|
if (spl_image->os == IH_OS_U_BOOT) {
|
|
ret = spl_fit_append_fdt(spl_image, info, sector, fit,
|
|
images, base_offset);
|
|
if (!IS_ENABLED(CONFIG_OF_EMBED) && ret < 0)
|
|
return ret;
|
|
}
|
|
|
|
firmware_node = node;
|
|
/* Now check if there are more images for us to load */
|
|
for (; ; index++) {
|
|
uint8_t os_type = IH_OS_INVALID;
|
|
|
|
node = spl_fit_get_image_node(fit, images, "loadables", index);
|
|
if (node < 0)
|
|
break;
|
|
|
|
/*
|
|
* if the firmware is also a loadable, skip it because
|
|
* it already has been loaded. This is typically the case with
|
|
* u-boot.img generated by mkimage.
|
|
*/
|
|
if (firmware_node == node)
|
|
continue;
|
|
|
|
ret = spl_load_fit_image(info, sector, fit, base_offset, node,
|
|
&image_info);
|
|
if (ret < 0)
|
|
continue;
|
|
|
|
if (!spl_fit_image_get_os(fit, node, &os_type))
|
|
debug("Loadable is %s\n", genimg_get_os_name(os_type));
|
|
|
|
if (os_type == IH_OS_U_BOOT) {
|
|
spl_fit_append_fdt(&image_info, info, sector,
|
|
fit, images, base_offset);
|
|
spl_image->fdt_addr = image_info.fdt_addr;
|
|
}
|
|
|
|
/*
|
|
* If the "firmware" image did not provide an entry point,
|
|
* use the first valid entry point from the loadables.
|
|
*/
|
|
if (spl_image->entry_point == FDT_ERROR &&
|
|
image_info.entry_point != FDT_ERROR)
|
|
spl_image->entry_point = image_info.entry_point;
|
|
|
|
/* Record our loadables into the FDT */
|
|
if (spl_image->fdt_addr)
|
|
spl_fit_record_loadable(fit, images, index,
|
|
spl_image->fdt_addr,
|
|
&image_info);
|
|
}
|
|
|
|
/*
|
|
* If a platform does not provide CONFIG_SYS_UBOOT_START, U-Boot's
|
|
* Makefile will set it to 0 and it will end up as the entry point
|
|
* here. What it actually means is: use the load address.
|
|
*/
|
|
if (spl_image->entry_point == FDT_ERROR || spl_image->entry_point == 0)
|
|
spl_image->entry_point = spl_image->load_addr;
|
|
|
|
spl_image->flags |= SPL_FIT_FOUND;
|
|
|
|
#ifdef CONFIG_IMX_HAB
|
|
board_spl_fit_post_load((ulong)fit, size);
|
|
#endif
|
|
|
|
return 0;
|
|
}
|