return 0;
}
+#endif /* USE_HOSTCC */
/**
* decomp_image() - decompress the operating system
return 0;
}
+#ifndef USE_HOSTCC
static int bootm_load_os(bootm_headers_t *images, unsigned long *load_end,
int boot_progress)
{
return buf;
}
+#else /* USE_HOSTCC */
+
+void memmove_wd(void *to, void *from, size_t len, ulong chunksz)
+{
+ memmove(to, from, len);
+}
+
+static int bootm_host_load_image(const void *fit, int req_image_type)
+{
+ const char *fit_uname_config = NULL;
+ ulong data, len;
+ bootm_headers_t images;
+ int noffset;
+ ulong load_end;
+ uint8_t image_type;
+ uint8_t imape_comp;
+ void *load_buf;
+ int ret;
+
+ memset(&images, '\0', sizeof(images));
+ images.verify = 1;
+ noffset = fit_image_load(&images, (ulong)fit,
+ NULL, &fit_uname_config,
+ IH_ARCH_DEFAULT, req_image_type, -1,
+ FIT_LOAD_IGNORED, &data, &len);
+ if (noffset < 0)
+ return noffset;
+ if (fit_image_get_type(fit, noffset, &image_type)) {
+ puts("Can't get image type!\n");
+ return -EINVAL;
+ }
+
+ if (fit_image_get_comp(fit, noffset, &imape_comp)) {
+ puts("Can't get image compression!\n");
+ return -EINVAL;
+ }
+
+ /* Allow the image to expand by a factor of 4, should be safe */
+ load_buf = malloc((1 << 20) + len * 4);
+ ret = decomp_image(imape_comp, 0, data, image_type, load_buf,
+ (void *)data, len, &load_end);
+ free(load_buf);
+ if (ret && ret != BOOTM_ERR_UNIMPLEMENTED)
+ return ret;
+
+ return 0;
+}
+
+int bootm_host_load_images(const void *fit, int cfg_noffset)
+{
+ static uint8_t image_types[] = {
+ IH_TYPE_KERNEL,
+ IH_TYPE_FLATDT,
+ IH_TYPE_RAMDISK,
+ };
+ int err = 0;
+ int i;
+
+ for (i = 0; i < ARRAY_SIZE(image_types); i++) {
+ int ret;
+
+ ret = bootm_host_load_image(fit, image_types[i]);
+ if (!err && ret && ret != -ENOENT)
+ err = ret;
+ }
+
+ /* Return the first error we found */
+ return err;
+}
#endif /* ndef USE_HOSTCC */
}
bootstage_mark(bootstage_id + BOOTSTAGE_SUB_CHECK_ARCH);
+#ifndef USE_HOSTCC
if (!fit_image_check_target_arch(fit, noffset)) {
puts("Unsupported Architecture\n");
bootstage_error(bootstage_id + BOOTSTAGE_SUB_CHECK_ARCH);
return -ENOEXEC;
}
-
+#endif
if (image_type == IH_TYPE_FLATDT &&
!fit_image_check_comp(fit, noffset, IH_COMP_NONE)) {
puts("FDT image is compressed");
Sign images
Test Verified Boot Run: signed config: OK
check signed config on the host
+Signature check OK
OK
Test Verified Boot Run: signed config: OK
Test Verified Boot Run: signed config with bad hash: OK
Sign images
Test Verified Boot Run: signed config: OK
check signed config on the host
+Signature check OK
OK
Test Verified Boot Run: signed config: OK
Test Verified Boot Run: signed config with bad hash: OK
Test passed
+
Future Work
-----------
- Roll-back protection using a TPM is done using the tpm command. This can
boot_os_fn *bootm_os_get_boot_func(int os);
+int bootm_host_load_images(const void *fit, int cfg_noffset);
+
int boot_selected_os(int argc, char * const argv[], int state,
bootm_headers_t *images, boot_os_fn *boot_fn);
int boot_get_ramdisk(int argc, char * const argv[], bootm_headers_t *images,
uint8_t arch, ulong *rd_start, ulong *rd_end);
+#endif
/**
* fit_image_load() - load an image from a FIT
* @param load_op Decribes what to do with the load address
* @param datap Returns address of loaded image
* @param lenp Returns length of loaded image
+ * @return node offset of image, or -ve error code on error
*/
int fit_image_load(bootm_headers_t *images, ulong addr,
const char **fit_unamep, const char **fit_uname_configp,
int arch, int image_type, int bootstage_id,
enum fit_load_op load_op, ulong *datap, ulong *lenp);
+#ifndef USE_HOSTCC
/**
* fit_get_node_from_config() - Look up an image a FIT by type
*
ulong getenv_bootm_low(void);
phys_size_t getenv_bootm_size(void);
phys_size_t getenv_bootm_mapsize(void);
-void memmove_wd(void *to, void *from, size_t len, ulong chunksz);
#endif
+void memmove_wd(void *to, void *from, size_t len, ulong chunksz);
static inline int image_check_magic(const image_header_t *hdr)
{
image_set_host_blob(key_blob);
ret = fit_check_sign(fit_blob, key_blob);
- if (!ret)
+ if (!ret) {
ret = EXIT_SUCCESS;
- else
+ fprintf(stderr, "Signature check OK\n");
+ } else {
ret = EXIT_FAILURE;
+ fprintf(stderr, "Signature check Bad (error %d)\n", ret);
+ }
(void) munmap((void *)fit_blob, fsbuf.st_size);
(void) munmap((void *)key_blob, ksbuf.st_size);
*/
#include "mkimage.h"
+#include <bootm.h>
#include <image.h>
#include <version.h>
}
#ifdef CONFIG_FIT_SIGNATURE
-int fit_check_sign(const void *working_fdt, const void *key)
+int fit_check_sign(const void *fit, const void *key)
{
int cfg_noffset;
int ret;
- cfg_noffset = fit_conf_get_node(working_fdt, NULL);
+ cfg_noffset = fit_conf_get_node(fit, NULL);
if (!cfg_noffset)
return -1;
- ret = fit_config_verify(working_fdt, cfg_noffset);
+ printf("Verifying Hash Integrity ... ");
+ ret = fit_config_verify(fit, cfg_noffset);
+ if (ret)
+ return ret;
+ ret = bootm_host_load_images(fit, cfg_noffset);
+
return ret;
}
#endif