brain-hackers_pepepper-mirror/u-boot-brain
1
0
Fork 0
mirror of https://github.com/brain-hackers/u-boot-brain synced 2024-06-09 23:36:03 +09:00
Code Issues Projects Releases Wiki Activity
d6da4da3be
u-boot-brain/tools/default_image.c
Breno Matheus Lima 5b20d141f2 imx: Kconfig: Reduce default CONFIG_CSF_SIZE 
The default CSF_SIZE defined in Kconfig is too high and SPL cannot
fit into the OCRAM in certain cases.

The CSF cannot achieve 0x2000 length when using RSA 4K key which is
the largest key size supported by HABv4.

According to AN12056 "Encrypted Boot on HABv4 and CAAM Enabled Devices"
it's recommended to pad CSF binary to 0x2000 and append DEK blob to
deploy encrypted boot images.

As the maximum DEK blob size is 0x58 we can reduce CSF_SIZE to 0x2060
which should cover both CSF and DEK blob length.

Update default_image.c and image.c to align with this change and avoid
a U-Boot proper authentication failure in HAB closed devices:

Authenticate image from DDR location 0x877fffc0...
bad magic magic=0x32 length=0x6131 version=0x38
bad length magic=0x32 length=0x6131 version=0x38
bad version magic=0x32 length=0x6131 version=0x38
spl: ERROR:  image authentication fail

Fixes: 96d27fb218 (Revert "habv4: tools: Avoid hardcoded CSF size for SPL targets")

Reported-by: Jagan Teki <jagan@amarulasolutions.com>
Signed-off-by: Breno Lima <breno.lima@nxp.com>
2019-10-08 16:36:36 +02:00

188 lines
4.7 KiB
C
Raw Blame History

// SPDX-License-Identifier: GPL-2.0+
/*
* (C) Copyright 2008 Semihalf
*
* (C) Copyright 2000-2004
* DENX Software Engineering
* Wolfgang Denk, wd@denx.de
*
* Updated-by: Prafulla Wadaskar <prafulla@marvell.com>
* default_image specific code abstracted from mkimage.c
* some functions added to address abstraction
*
* All rights reserved.
*/
#include "imagetool.h"
#include "mkimage.h"
#include <image.h>
#include <tee/optee.h>
#include <u-boot/crc.h>
#include <imximage.h>
static image_header_t header;
static int image_check_image_types(uint8_t type)
{
if (((type > IH_TYPE_INVALID) && (type < IH_TYPE_FLATDT)) ||
(type == IH_TYPE_KERNEL_NOLOAD) || (type == IH_TYPE_FIRMWARE_IVT))
return EXIT_SUCCESS;
else
return EXIT_FAILURE;
}
static int image_check_params(struct image_tool_params *params)
{
return ((params->dflag && (params->fflag || params->lflag)) ||
(params->fflag && (params->dflag || params->lflag)) ||
(params->lflag && (params->dflag || params->fflag)));
}
static int image_verify_header(unsigned char *ptr, int image_size,
struct image_tool_params *params)
{
uint32_t len;
const unsigned char *data;
uint32_t checksum;
image_header_t header;
image_header_t *hdr = &header;
/*
* create copy of header so that we can blank out the
* checksum field for checking - this can't be done
* on the PROT_READ mapped data.
*/
memcpy(hdr, ptr, sizeof(image_header_t));
if (be32_to_cpu(hdr->ih_magic) != IH_MAGIC) {
debug("%s: Bad Magic Number: \"%s\" is no valid image\n",
params->cmdname, params->imagefile);
return -FDT_ERR_BADMAGIC;
}
data = (const unsigned char *)hdr;
len = sizeof(image_header_t);
checksum = be32_to_cpu(hdr->ih_hcrc);
hdr->ih_hcrc = cpu_to_be32(0); /* clear for re-calculation */
if (crc32(0, data, len) != checksum) {
debug("%s: ERROR: \"%s\" has bad header checksum!\n",
params->cmdname, params->imagefile);
return -FDT_ERR_BADSTATE;
}
data = (const unsigned char *)ptr + sizeof(image_header_t);
len = image_size - sizeof(image_header_t) ;
checksum = be32_to_cpu(hdr->ih_dcrc);
if (crc32(0, data, len) != checksum) {
debug("%s: ERROR: \"%s\" has corrupted data!\n",
params->cmdname, params->imagefile);
return -FDT_ERR_BADSTRUCTURE;
}
return 0;
}
static void image_set_header(void *ptr, struct stat *sbuf, int ifd,
struct image_tool_params *params)
{
uint32_t checksum;
time_t time;
uint32_t imagesize;
uint32_t ep;
uint32_t addr;
image_header_t * hdr = (image_header_t *)ptr;
checksum = crc32(0,
(const unsigned char *)(ptr +
sizeof(image_header_t)),
sbuf->st_size - sizeof(image_header_t));
time = imagetool_get_source_date(params->cmdname, sbuf->st_mtime);
ep = params->ep;
addr = params->addr;
if (params->type == IH_TYPE_FIRMWARE_IVT)
/* Add size of CSF minus IVT */
imagesize = sbuf->st_size - sizeof(image_header_t)
+ 0x2060 - sizeof(flash_header_v2_t);
else
imagesize = sbuf->st_size - sizeof(image_header_t);
if (params->os == IH_OS_TEE) {
addr = optee_image_get_load_addr(hdr);
ep = optee_image_get_entry_point(hdr);
}
/* Build new header */
image_set_magic(hdr, IH_MAGIC);
image_set_time(hdr, time);
image_set_size(hdr, imagesize);
image_set_load(hdr, addr);
image_set_ep(hdr, ep);
image_set_dcrc(hdr, checksum);
image_set_os(hdr, params->os);
image_set_arch(hdr, params->arch);
image_set_type(hdr, params->type);
image_set_comp(hdr, params->comp);
image_set_name(hdr, params->imagename);
checksum = crc32(0, (const unsigned char *)hdr,
sizeof(image_header_t));
image_set_hcrc(hdr, checksum);
}
static int image_extract_subimage(void *ptr, struct image_tool_params *params)
{
const image_header_t *hdr = (const image_header_t *)ptr;
ulong file_data;
ulong file_len;
if (image_check_type(hdr, IH_TYPE_MULTI)) {
ulong idx = params->pflag;
ulong count;
/* get the number of data files present in the image */
count = image_multi_count(hdr);
/* retrieve the "data file" at the idx position */
image_multi_getimg(hdr, idx, &file_data, &file_len);
if ((file_len == 0) || (idx >= count)) {
fprintf(stderr, "%s: No such data file %ld in \"%s\"\n",
params->cmdname, idx, params->imagefile);
return -1;
}
} else {
file_data = image_get_data(hdr);
file_len = image_get_size(hdr);
}
/* save the "data file" into the file system */
return imagetool_save_subimage(params->outfile, file_data, file_len);
}
/*
* Default image type parameters definition
*/
U_BOOT_IMAGE_TYPE(
defimage,
"Default Image support",
sizeof(image_header_t),
(void *)&header,
image_check_params,
image_verify_header,
image_print_contents,
image_set_header,
image_extract_subimage,
image_check_image_types,
NULL,
NULL
);
Reference in New Issue View Git Blame Copy Permalink