common: image: Add support for post-processing of images

This commit allows injecting a board/platform/device-specific post-
processing function into the FIT image data loading process, which can
include modifying the size and altering the starting source address of
an image data artifact. This might be desired to do things like strip
headers or footers attached to the images before they were packaged into
the FIT, or to perform operations such as decryption or authentication.
Introduce new configuration option CONFIG_FIT_IMAGE_POST_PROCESS to
allow controlling this feature. If enabled, a platform-specific post-
process function must be provided.

Signed-off-by: Andreas Dannenberg <dannenberg@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>

diff --git a/Kconfig b/Kconfig
index 1119b1971666795066d2f7ea620753ba823cbda8..cb5af5b0f76b3d594cb5c88b470fbe03755925c9 100644 (file)
--- a/Kconfig
+++ b/Kconfig
@@ -344,6 +344,20 @@ config SPL_FIT_IMAGE_POST_PROCESS
          injected into the FIT creation (i.e. the blobs would have been pre-
          processed before being added to the FIT image).
 
+config FIT_IMAGE_POST_PROCESS
+       bool "Enable post-processing of FIT artifacts after loading by U-Boot"
+       depends on FIT && TI_SECURE_DEVICE
+       help
+         Allows doing any sort of manipulation to blobs after they got extracted
+         from FIT images like stripping off headers or modifying the size of the
+         blob, verification, authentication, decryption etc. in a platform or
+         board specific way. In order to use this feature a platform or board-
+         specific implementation of board_fit_image_post_process() must be
+         provided. Also, anything done during this post-processing step would
+         need to be comprehended in how the images were prepared before being
+         injected into the FIT creation (i.e. the blobs would have been pre-
+         processed before being added to the FIT image).
+
 config SYS_CLK_FREQ
        depends on ARC || ARCH_SUNXI
        int "CPU clock frequency"

diff --git a/common/image-fit.c b/common/image-fit.c
index 73ad34e491ba2fdeccaa3de11b6e4f8440bea122..d8d4e9503020c958e765802730d1a4493cbe23e5 100644 (file)
--- a/common/image-fit.c
+++ b/common/image-fit.c
@@ -11,9 +11,9 @@
 
 #ifdef USE_HOSTCC
 #include "mkimage.h"
-#include <image.h>
 #include <time.h>
 #else
+#include <linux/compiler.h>
 #include <common.h>
 #include <errno.h>
 #include <mapmem.h>
@@ -21,6 +21,7 @@
 DECLARE_GLOBAL_DATA_PTR;
 #endif /* !USE_HOSTCC*/
 
+#include <image.h>
 #include <bootstage.h>
 #include <u-boot/crc.h>
 #include <u-boot/md5.h>
@@ -1507,6 +1508,12 @@ void fit_conf_print(const void *fit, int noffset, const char *p)
 
 static int fit_image_select(const void *fit, int rd_noffset, int verify)
 {
+#if !defined(USE_HOSTCC) && defined(CONFIG_FIT_IMAGE_POST_PROCESS)
+       const void *data;
+       size_t size;
+       int ret;
+#endif
+
        fit_image_print(fit, rd_noffset, "   ");
 
        if (verify) {
@@ -1518,6 +1525,23 @@ static int fit_image_select(const void *fit, int rd_noffset, int verify)
                puts("OK\n");
        }
 
+#if !defined(USE_HOSTCC) && defined(CONFIG_FIT_IMAGE_POST_PROCESS)
+       ret = fit_image_get_data(fit, rd_noffset, &data, &size);
+       if (ret)
+               return ret;
+
+       /* perform any post-processing on the image data */
+       board_fit_image_post_process((void **)&data, &size);
+
+       /*
+        * update U-Boot's understanding of the "data" property start address
+        * and size according to the performed post-processing
+        */
+       ret = fdt_setprop((void *)fit, rd_noffset, FIT_DATA_PROP, data, size);
+       if (ret)
+               return ret;
+#endif
+
        return 0;
 }