X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=include%2Fimage.h;h=fcfe730204a63e54f9063ad270050e84a0d1d540;hb=49ddcf3e0e923040ef554d9ea033e0d8ba7e80e1;hp=734def31178438b758404f3daba40b63cd1b31dc;hpb=ff87b0810753cfaec0e3094aa9fda8b12d6ca569;p=u-boot diff --git a/include/image.h b/include/image.h index 734def3117..fcfe730204 100644 --- a/include/image.h +++ b/include/image.h @@ -29,6 +29,9 @@ struct lmb; #define IMAGE_ENABLE_FIT 1 #define IMAGE_ENABLE_OF_LIBFDT 1 #define CONFIG_FIT_VERBOSE 1 /* enable fit_format_{error,warning}() */ +#define CONFIG_FIT_ENABLE_SHA256_SUPPORT +#define CONFIG_SHA1 +#define CONFIG_SHA256 #define IMAGE_ENABLE_IGNORE 0 #define IMAGE_INDENT_STRING "" @@ -62,25 +65,13 @@ struct lmb; # ifdef CONFIG_SPL_SHA1_SUPPORT # define IMAGE_ENABLE_SHA1 1 # endif -# ifdef CONFIG_SPL_SHA256_SUPPORT -# define IMAGE_ENABLE_SHA256 1 -# endif # else # define CONFIG_CRC32 /* FIT images need CRC32 support */ -# define CONFIG_MD5 /* and MD5 */ -# define CONFIG_SHA1 /* and SHA1 */ -# define CONFIG_SHA256 /* and SHA256 */ # define IMAGE_ENABLE_CRC32 1 # define IMAGE_ENABLE_MD5 1 # define IMAGE_ENABLE_SHA1 1 -# define IMAGE_ENABLE_SHA256 1 # endif -#ifdef CONFIG_FIT_DISABLE_SHA256 -#undef CONFIG_SHA256 -#undef IMAGE_ENABLE_SHA256 -#endif - #ifndef IMAGE_ENABLE_CRC32 #define IMAGE_ENABLE_CRC32 0 #endif @@ -93,18 +84,15 @@ struct lmb; #define IMAGE_ENABLE_SHA1 0 #endif -#ifndef IMAGE_ENABLE_SHA256 +#if defined(CONFIG_FIT_ENABLE_SHA256_SUPPORT) || \ + defined(CONFIG_SPL_SHA256_SUPPORT) +#define IMAGE_ENABLE_SHA256 1 +#else #define IMAGE_ENABLE_SHA256 0 #endif #endif /* IMAGE_ENABLE_FIT */ -#ifdef CONFIG_SYS_BOOT_RAMDISK_HIGH -# define IMAGE_ENABLE_RAMDISK_HIGH 1 -#else -# define IMAGE_ENABLE_RAMDISK_HIGH 0 -#endif - #ifdef CONFIG_SYS_BOOT_GET_CMDLINE # define IMAGE_BOOT_GET_CMDLINE 1 #else @@ -200,6 +188,7 @@ enum { IH_ARCH_ARM64, /* ARM64 */ IH_ARCH_ARC, /* Synopsys DesignWare ARC */ IH_ARCH_X86_64, /* AMD x86_64, Intel and Via */ + IH_ARCH_XTENSA, /* Xtensa */ IH_ARCH_COUNT, }; @@ -277,6 +266,9 @@ enum { IH_TYPE_ZYNQIMAGE, /* Xilinx Zynq Boot Image */ IH_TYPE_ZYNQMPIMAGE, /* Xilinx ZynqMP Boot Image */ IH_TYPE_FPGA, /* FPGA Image */ + IH_TYPE_VYBRIDIMAGE, /* VYBRID .vyb Image */ + IH_TYPE_TEE, /* Trusted Execution Environment OS Image */ + IH_TYPE_FIRMWARE_IVT, /* Firmware Image with HABv4 IVT */ IH_TYPE_COUNT, /* Number of image types */ }; @@ -793,7 +785,8 @@ static inline int image_check_type(const image_header_t *hdr, uint8_t type) } static inline int image_check_arch(const image_header_t *hdr, uint8_t arch) { - return (image_get_arch(hdr) == arch); + return (image_get_arch(hdr) == arch) || + (image_get_arch(hdr) == IH_ARCH_ARM && arch == IH_ARCH_ARM64); } static inline int image_check_os(const image_header_t *hdr, uint8_t os) { @@ -868,6 +861,8 @@ int bootz_setup(ulong image, ulong *start, ulong *end); /* image node */ #define FIT_DATA_PROP "data" +#define FIT_DATA_OFFSET_PROP "data-offset" +#define FIT_DATA_SIZE_PROP "data-size" #define FIT_TIMESTAMP_PROP "timestamp" #define FIT_DESC_PROP "description" #define FIT_ARCH_PROP "arch" @@ -946,6 +941,8 @@ int fit_image_get_load(const void *fit, int noffset, ulong *load); int fit_image_get_entry(const void *fit, int noffset, ulong *entry); int fit_image_get_data(const void *fit, int noffset, const void **data, size_t *size); +int fit_image_get_data_offset(const void *fit, int noffset, int *data_offset); +int fit_image_get_data_size(const void *fit, int noffset, int *data_size); int fit_image_hash_get_algo(const void *fit, int noffset, char **algo); int fit_image_hash_get_value(const void *fit, int noffset, uint8_t **value, @@ -961,6 +958,7 @@ int fit_set_timestamp(void *fit, int noffset, time_t timestamp); * @fit: Pointer to the FIT format image header * @comment: Comment to add to signature nodes * @require_keys: Mark all keys as 'required' + * @engine_id: Engine to use for signing * * Adds hash values for all component images in the FIT blob. * Hashes are calculated for all component images which have hash subnodes @@ -973,7 +971,8 @@ int fit_set_timestamp(void *fit, int noffset, time_t timestamp); * libfdt error code, on failure */ int fit_add_verification_data(const char *keydir, void *keydest, void *fit, - const char *comment, int require_keys); + const char *comment, int require_keys, + const char *engine_id); int fit_image_verify(const void *fit, int noffset); int fit_config_verify(const void *fit, int conf_noffset); @@ -1047,10 +1046,13 @@ struct image_sign_info { const char *keyname; /* Name of key to use */ void *fit; /* Pointer to FIT blob */ int node_offset; /* Offset of signature node */ - struct image_sig_algo *algo; /* Algorithm information */ + const char *name; /* Algorithm name */ + struct checksum_algo *checksum; /* Checksum algorithm information */ + struct crypto_algo *crypto; /* Crypto algorithm information */ const void *fdt_blob; /* FDT containing public keys */ int required_keynode; /* Node offset of key to use: -1=any */ const char *require_keys; /* Value for 'required' property */ + const char *engine_id; /* Engine to use for signing */ }; #endif /* Allow struct image_region to always be defined for rsa.h */ @@ -1068,18 +1070,19 @@ struct image_region { struct checksum_algo { const char *name; const int checksum_len; - const int pad_len; + const int der_len; + const uint8_t *der_prefix; #if IMAGE_ENABLE_SIGN const EVP_MD *(*calculate_sign)(void); #endif int (*calculate)(const char *name, const struct image_region region[], int region_count, uint8_t *checksum); - const uint8_t *rsa_padding; }; -struct image_sig_algo { +struct crypto_algo { const char *name; /* Name of algorithm */ + const int key_len; /** * sign() - calculate and return signature for given input data @@ -1128,18 +1131,23 @@ struct image_sig_algo { int (*verify)(struct image_sign_info *info, const struct image_region region[], int region_count, uint8_t *sig, uint sig_len); - - /* pointer to checksum algorithm */ - struct checksum_algo *checksum; }; /** - * image_get_sig_algo() - Look up a signature algortihm + * image_get_checksum_algo() - Look up a checksum algorithm + * + * @param full_name Name of algorithm in the form "checksum,crypto" + * @return pointer to algorithm information, or NULL if not found + */ +struct checksum_algo *image_get_checksum_algo(const char *full_name); + +/** + * image_get_crypto_algo() - Look up a cryptosystem algorithm * - * @param name Name of algorithm + * @param full_name Name of algorithm in the form "checksum,crypto" * @return pointer to algorithm information, or NULL if not found */ -struct image_sig_algo *image_get_sig_algo(const char *name); +struct crypto_algo *image_get_crypto_algo(const char *full_name); /** * fit_image_verify_required_sigs() - Verify signatures marked as 'required' @@ -1244,7 +1252,8 @@ void android_print_contents(const struct andr_img_hdr *hdr); */ int board_fit_config_name_match(const char *name); -#ifdef CONFIG_SPL_FIT_IMAGE_POST_PROCESS +#if defined(CONFIG_SPL_FIT_IMAGE_POST_PROCESS) || \ + defined(CONFIG_FIT_IMAGE_POST_PROCESS) /** * board_fit_image_post_process() - Do any post-process on FIT binary data * @@ -1261,4 +1270,34 @@ int board_fit_config_name_match(const char *name); void board_fit_image_post_process(void **p_image, size_t *p_size); #endif /* CONFIG_SPL_FIT_IMAGE_POST_PROCESS */ +/** + * Mapping of image types to function handlers to be invoked on the associated + * loaded images + * + * @type: Type of image, I.E. IH_TYPE_* + * @handler: Function to call on loaded image + */ +struct fit_loadable_tbl { + int type; + /** + * handler() - Process a loaded image + * + * @data: Pointer to start of loaded image data + * @size: Size of loaded image data + */ + void (*handler)(ulong data, size_t size); +}; + +/* + * Define a FIT loadable image type handler + * + * _type is a valid uimage_type ID as defined in the "Image Type" enum above + * _handler is the handler function to call after this image type is loaded + */ +#define U_BOOT_FIT_LOADABLE_HANDLER(_type, _handler) \ + ll_entry_declare(struct fit_loadable_tbl, _function, fit_loadable) = { \ + .type = _type, \ + .handler = _handler, \ + } + #endif /* __IMAGE_H__ */