#define IMAGE_ENABLE_FIT 1
#define IMAGE_ENABLE_OF_LIBFDT 1
#define CONFIG_FIT_VERBOSE 1 /* enable fit_format_{error,warning}() */
+#define CONFIG_FIT_ENABLE_SHA256_SUPPORT
+#define CONFIG_SHA1
+#define CONFIG_SHA256
#define IMAGE_ENABLE_IGNORE 0
#define IMAGE_INDENT_STRING ""
# ifdef CONFIG_SPL_SHA1_SUPPORT
# define IMAGE_ENABLE_SHA1 1
# endif
-# ifdef CONFIG_SPL_SHA256_SUPPORT
-# define IMAGE_ENABLE_SHA256 1
-# endif
# else
# define CONFIG_CRC32 /* FIT images need CRC32 support */
-# define CONFIG_MD5 /* and MD5 */
-# define CONFIG_SHA1 /* and SHA1 */
-# define CONFIG_SHA256 /* and SHA256 */
# define IMAGE_ENABLE_CRC32 1
# define IMAGE_ENABLE_MD5 1
# define IMAGE_ENABLE_SHA1 1
-# define IMAGE_ENABLE_SHA256 1
# endif
-#ifdef CONFIG_FIT_DISABLE_SHA256
-#undef CONFIG_SHA256
-#undef IMAGE_ENABLE_SHA256
-#endif
-
#ifndef IMAGE_ENABLE_CRC32
#define IMAGE_ENABLE_CRC32 0
#endif
#define IMAGE_ENABLE_SHA1 0
#endif
-#ifndef IMAGE_ENABLE_SHA256
+#if defined(CONFIG_FIT_ENABLE_SHA256_SUPPORT) || \
+ defined(CONFIG_SPL_SHA256_SUPPORT)
+#define IMAGE_ENABLE_SHA256 1
+#else
#define IMAGE_ENABLE_SHA256 0
#endif
#endif /* IMAGE_ENABLE_FIT */
-#ifdef CONFIG_SYS_BOOT_RAMDISK_HIGH
-# define IMAGE_ENABLE_RAMDISK_HIGH 1
-#else
-# define IMAGE_ENABLE_RAMDISK_HIGH 0
-#endif
-
#ifdef CONFIG_SYS_BOOT_GET_CMDLINE
# define IMAGE_BOOT_GET_CMDLINE 1
#else
IH_TYPE_ZYNQMPIMAGE, /* Xilinx ZynqMP Boot Image */
IH_TYPE_FPGA, /* FPGA Image */
IH_TYPE_VYBRIDIMAGE, /* VYBRID .vyb Image */
+ IH_TYPE_TEE, /* Trusted Execution Environment OS Image */
+ IH_TYPE_FIRMWARE_IVT, /* Firmware Image with HABv4 IVT */
+ IH_TYPE_PMMC, /* TI Power Management Micro-Controller Firmware */
IH_TYPE_COUNT, /* Number of image types */
};
bd_t *kbd;
#endif
- int verify; /* getenv("verify")[0] != 'n' */
+ int verify; /* env_get("verify")[0] != 'n' */
#define BOOTM_STATE_START (0x00000001)
#define BOOTM_STATE_FINDOS (0x00000002)
int boot_get_setup_fit(bootm_headers_t *images, uint8_t arch,
ulong *setup_start, ulong *setup_len);
+/**
+ * boot_get_fdt_fit() - load a DTB from a FIT file (applying overlays)
+ *
+ * This deals with all aspects of loading an DTB from a FIT.
+ * The correct base image based on configuration will be selected, and
+ * then any overlays specified will be applied (as present in fit_uname_configp).
+ *
+ * @param images Boot images structure
+ * @param addr Address of FIT in memory
+ * @param fit_unamep On entry this is the requested image name
+ * (e.g. "kernel@1") or NULL to use the default. On exit
+ * points to the selected image name
+ * @param fit_uname_configp On entry this is the requested configuration
+ * name (e.g. "conf@1") or NULL to use the default. On
+ * exit points to the selected configuration name.
+ * @param arch Expected architecture (IH_ARCH_...)
+ * @param datap Returns address of loaded image
+ * @param lenp Returns length of loaded image
+ *
+ * @return node offset of base image, or -ve error code on error
+ */
+int boot_get_fdt_fit(bootm_headers_t *images, ulong addr,
+ const char **fit_unamep, const char **fit_uname_configp,
+ int arch, ulong *datap, ulong *lenp);
+
/**
* fit_image_load() - load an image from a FIT
*
int image_check_hcrc(const image_header_t *hdr);
int image_check_dcrc(const image_header_t *hdr);
#ifndef USE_HOSTCC
-ulong getenv_bootm_low(void);
-phys_size_t getenv_bootm_size(void);
-phys_size_t getenv_bootm_mapsize(void);
+ulong env_get_bootm_low(void);
+phys_size_t env_get_bootm_size(void);
+phys_size_t env_get_bootm_mapsize(void);
#endif
void memmove_wd(void *to, void *from, size_t len, ulong chunksz);
}
static inline int image_check_arch(const image_header_t *hdr, uint8_t arch)
{
- return (image_get_arch(hdr) == arch);
+ return (image_get_arch(hdr) == arch) ||
+ (image_get_arch(hdr) == IH_ARCH_ARM && arch == IH_ARCH_ARM64);
}
static inline int image_check_os(const image_header_t *hdr, uint8_t os)
{
/* image node */
#define FIT_DATA_PROP "data"
+#define FIT_DATA_OFFSET_PROP "data-offset"
+#define FIT_DATA_SIZE_PROP "data-size"
#define FIT_TIMESTAMP_PROP "timestamp"
#define FIT_DESC_PROP "description"
#define FIT_ARCH_PROP "arch"
int fit_image_get_entry(const void *fit, int noffset, ulong *entry);
int fit_image_get_data(const void *fit, int noffset,
const void **data, size_t *size);
+int fit_image_get_data_offset(const void *fit, int noffset, int *data_offset);
+int fit_image_get_data_size(const void *fit, int noffset, int *data_size);
int fit_image_hash_get_algo(const void *fit, int noffset, char **algo);
int fit_image_hash_get_value(const void *fit, int noffset, uint8_t **value,
* @fit: Pointer to the FIT format image header
* @comment: Comment to add to signature nodes
* @require_keys: Mark all keys as 'required'
+ * @engine_id: Engine to use for signing
*
* Adds hash values for all component images in the FIT blob.
* Hashes are calculated for all component images which have hash subnodes
* libfdt error code, on failure
*/
int fit_add_verification_data(const char *keydir, void *keydest, void *fit,
- const char *comment, int require_keys);
+ const char *comment, int require_keys,
+ const char *engine_id);
int fit_image_verify(const void *fit, int noffset);
int fit_config_verify(const void *fit, int conf_noffset);
const char *keyname; /* Name of key to use */
void *fit; /* Pointer to FIT blob */
int node_offset; /* Offset of signature node */
- struct image_sig_algo *algo; /* Algorithm information */
+ const char *name; /* Algorithm name */
+ struct checksum_algo *checksum; /* Checksum algorithm information */
+ struct crypto_algo *crypto; /* Crypto algorithm information */
const void *fdt_blob; /* FDT containing public keys */
int required_keynode; /* Node offset of key to use: -1=any */
const char *require_keys; /* Value for 'required' property */
+ const char *engine_id; /* Engine to use for signing */
};
#endif /* Allow struct image_region to always be defined for rsa.h */
struct checksum_algo {
const char *name;
const int checksum_len;
- const int pad_len;
+ const int der_len;
+ const uint8_t *der_prefix;
#if IMAGE_ENABLE_SIGN
const EVP_MD *(*calculate_sign)(void);
#endif
int (*calculate)(const char *name,
const struct image_region region[],
int region_count, uint8_t *checksum);
- const uint8_t *rsa_padding;
};
-struct image_sig_algo {
+struct crypto_algo {
const char *name; /* Name of algorithm */
+ const int key_len;
/**
* sign() - calculate and return signature for given input data
int (*verify)(struct image_sign_info *info,
const struct image_region region[], int region_count,
uint8_t *sig, uint sig_len);
-
- /* pointer to checksum algorithm */
- struct checksum_algo *checksum;
};
/**
- * image_get_sig_algo() - Look up a signature algortihm
+ * image_get_checksum_algo() - Look up a checksum algorithm
*
- * @param name Name of algorithm
+ * @param full_name Name of algorithm in the form "checksum,crypto"
* @return pointer to algorithm information, or NULL if not found
*/
-struct image_sig_algo *image_get_sig_algo(const char *name);
+struct checksum_algo *image_get_checksum_algo(const char *full_name);
+
+/**
+ * image_get_crypto_algo() - Look up a cryptosystem algorithm
+ *
+ * @param full_name Name of algorithm in the form "checksum,crypto"
+ * @return pointer to algorithm information, or NULL if not found
+ */
+struct crypto_algo *image_get_crypto_algo(const char *full_name);
/**
* fit_image_verify_required_sigs() - Verify signatures marked as 'required'
*/
int board_fit_config_name_match(const char *name);
-#ifdef CONFIG_SPL_FIT_IMAGE_POST_PROCESS
+#if defined(CONFIG_SPL_FIT_IMAGE_POST_PROCESS) || \
+ defined(CONFIG_FIT_IMAGE_POST_PROCESS)
/**
* board_fit_image_post_process() - Do any post-process on FIT binary data
*
void board_fit_image_post_process(void **p_image, size_t *p_size);
#endif /* CONFIG_SPL_FIT_IMAGE_POST_PROCESS */
+#define FDT_ERROR ((ulong)(-1))
+
+ulong fdt_getprop_u32(const void *fdt, int node, const char *prop);
+
+/**
+ * fit_find_config_node() - Find the node for the best DTB in a FIT image
+ *
+ * A FIT image contains one or more DTBs. This function parses the
+ * configurations described in the FIT images and returns the node of
+ * the first matching DTB. To check if a DTB matches a board, this function
+ * calls board_fit_config_name_match(). If no matching DTB is found, it returns
+ * the node described by the default configuration if it exists.
+ *
+ * @fdt: pointer to flat device tree
+ * @return the node if found, -ve otherwise
+ */
+int fit_find_config_node(const void *fdt);
+
+/**
+ * Mapping of image types to function handlers to be invoked on the associated
+ * loaded images
+ *
+ * @type: Type of image, I.E. IH_TYPE_*
+ * @handler: Function to call on loaded image
+ */
+struct fit_loadable_tbl {
+ int type;
+ /**
+ * handler() - Process a loaded image
+ *
+ * @data: Pointer to start of loaded image data
+ * @size: Size of loaded image data
+ */
+ void (*handler)(ulong data, size_t size);
+};
+
+/*
+ * Define a FIT loadable image type handler
+ *
+ * _type is a valid uimage_type ID as defined in the "Image Type" enum above
+ * _handler is the handler function to call after this image type is loaded
+ */
+#define U_BOOT_FIT_LOADABLE_HANDLER(_type, _handler) \
+ ll_entry_declare(struct fit_loadable_tbl, _function, fit_loadable) = { \
+ .type = _type, \
+ .handler = _handler, \
+ }
+
#endif /* __IMAGE_H__ */