From 838404054e406e82938cbf7be7f90cce058d453b Mon Sep 17 00:00:00 2001 From: Andre Przywara Date: Mon, 4 Dec 2017 02:05:07 +0000 Subject: [PATCH] doc: FIT image: fix incorrect description of DT node unit address The DT spec demands a unit-address in a node name to match the "reg" property in that node. Newer dtc versions will throw warnings if this is not the case. Fix all occurences in the FIT image documentation files where this was not observed, to not give bad examples to the reader. Signed-off-by: Andre Przywara --- doc/uImage.FIT/beaglebone_vboot.txt | 84 ++++++++-------- doc/uImage.FIT/command_syntax_extensions.txt | 42 ++++---- doc/uImage.FIT/howto.txt | 52 +++++----- doc/uImage.FIT/overlay-fdt-boot.txt | 78 +++++++-------- doc/uImage.FIT/signature.txt | 100 +++++++++---------- doc/uImage.FIT/source_file_format.txt | 26 ++--- doc/uImage.FIT/x86-fit-boot.txt | 10 +- 7 files changed, 196 insertions(+), 196 deletions(-) diff --git a/doc/uImage.FIT/beaglebone_vboot.txt b/doc/uImage.FIT/beaglebone_vboot.txt index b4ab28542e..f1862c2753 100644 --- a/doc/uImage.FIT/beaglebone_vboot.txt +++ b/doc/uImage.FIT/beaglebone_vboot.txt @@ -130,7 +130,7 @@ Put this into a file in that directory called sign.its: #address-cells = <1>; images { - kernel@1 { + kernel { data = /incbin/("Image.lzo"); type = "kernel"; arch = "arm"; @@ -138,27 +138,27 @@ Put this into a file in that directory called sign.its: compression = "lzo"; load = <0x80008000>; entry = <0x80008000>; - hash@1 { + hash-1 { algo = "sha1"; }; }; - fdt@1 { + fdt-1 { description = "beaglebone-black"; data = /incbin/("am335x-boneblack.dtb"); type = "flat_dt"; arch = "arm"; compression = "none"; - hash@1 { + hash-1 { algo = "sha1"; }; }; }; configurations { - default = "conf@1"; - conf@1 { - kernel = "kernel@1"; - fdt = "fdt@1"; - signature@1 { + default = "conf-1"; + conf-1 { + kernel = "kernel"; + fdt = "fdt-1"; + signature-1 { algo = "sha1,rsa2048"; key-name-hint = "dev"; sign-images = "fdt", "kernel"; @@ -211,7 +211,7 @@ You should see something like this: FIT description: Beaglebone black Created: Sun Jun 1 12:50:30 2014 - Image 0 (kernel@1) + Image 0 (kernel) Description: unavailable Created: Sun Jun 1 12:50:30 2014 Type: Kernel Image @@ -223,7 +223,7 @@ Created: Sun Jun 1 12:50:30 2014 Entry Point: 0x80008000 Hash algo: sha1 Hash value: c94364646427e10f423837e559898ef02c97b988 - Image 1 (fdt@1) + Image 1 (fdt-1) Description: beaglebone-black Created: Sun Jun 1 12:50:30 2014 Type: Flat Device Tree @@ -232,11 +232,11 @@ Created: Sun Jun 1 12:50:30 2014 Architecture: ARM Hash algo: sha1 Hash value: cb09202f889d824f23b8e4404b781be5ad38a68d - Default Configuration: 'conf@1' - Configuration 0 (conf@1) + Default Configuration: 'conf-1' + Configuration 0 (conf-1) Description: unavailable - Kernel: kernel@1 - FDT: fdt@1 + Kernel: kernel + FDT: fdt-1 Now am335x-boneblack-pubkey.dtb contains the public key and image.fit contains @@ -251,12 +251,12 @@ which results in: Verifying Hash Integrity ... sha1,rsa2048:dev+ ## Loading kernel from FIT Image at 7fc6ee469000 ... - Using 'conf@1' configuration + Using 'conf-1' configuration Verifying Hash Integrity ... sha1,rsa2048:dev+ OK - Trying 'kernel@1' kernel subimage + Trying 'kernel' kernel subimage Description: unavailable Created: Sun Jun 1 12:50:30 2014 Type: Kernel Image @@ -274,8 +274,8 @@ OK Unimplemented compression type 4 ## Loading fdt from FIT Image at 7fc6ee469000 ... - Using 'conf@1' configuration - Trying 'fdt@1' fdt subimage + Using 'conf-1' configuration + Trying 'fdt-1' fdt subimage Description: beaglebone-black Created: Sun Jun 1 12:50:30 2014 Type: Flat Device Tree @@ -291,7 +291,7 @@ OK Loading Flat Device Tree ... OK ## Loading ramdisk from FIT Image at 7fc6ee469000 ... - Using 'conf@1' configuration + Using 'conf-1' configuration Could not find subimage node Signature check OK @@ -313,8 +313,8 @@ the above flow works. But it is fun to do this by hand, so you can load image.fit into a hex editor like ghex, and change a byte in the kernel: - $UOUT/tools/fit_info -f image.fit -n /images/kernel@1 -p data -NAME: kernel@1 + $UOUT/tools/fit_info -f image.fit -n /images/kernel -p data +NAME: kernel LEN: 7790938 OFF: 168 @@ -324,12 +324,12 @@ fit_check_sign again. You should see something like: Verifying Hash Integrity ... sha1,rsa2048:dev+ ## Loading kernel from FIT Image at 7f5a39571000 ... - Using 'conf@1' configuration + Using 'conf-1' configuration Verifying Hash Integrity ... sha1,rsa2048:dev+ OK - Trying 'kernel@1' kernel subimage + Trying 'kernel' kernel subimage Description: unavailable Created: Sun Jun 1 13:09:21 2014 Type: Kernel Image @@ -343,12 +343,12 @@ OK Hash value: c94364646427e10f423837e559898ef02c97b988 Verifying Hash Integrity ... sha1 error -Bad hash value for 'hash@1' hash node in 'kernel@1' image node +Bad hash value for 'hash-1' hash node in 'kernel' image node Bad Data Hash ## Loading fdt from FIT Image at 7f5a39571000 ... - Using 'conf@1' configuration - Trying 'fdt@1' fdt subimage + Using 'conf-1' configuration + Trying 'fdt-1' fdt subimage Description: beaglebone-black Created: Sun Jun 1 13:09:21 2014 Type: Flat Device Tree @@ -364,7 +364,7 @@ OK Loading Flat Device Tree ... OK ## Loading ramdisk from FIT Image at 7f5a39571000 ... - Using 'conf@1' configuration + Using 'conf-1' configuration Could not find subimage node Signature check Bad (error 1) @@ -386,11 +386,11 @@ images configurations fdtget -l image.fit /configurations -conf@1 -fdtget -l image.fit /configurations/conf@1 -signature@1 +conf-1 +fdtget -l image.fit /configurations/conf-1 +signature-1 - fdtget -p image.fit /configurations/conf@1/signature@1 + fdtget -p image.fit /configurations/conf-1/signature-1 hashed-strings hashed-nodes timestamp @@ -401,20 +401,20 @@ algo key-name-hint sign-images - fdtget image.fit /configurations/conf@1/signature@1 hashed-nodes -/ /configurations/conf@1 /images/fdt@1 /images/fdt@1/hash@1 /images/kernel@1 /images/kernel@1/hash@1 + fdtget image.fit /configurations/conf-1/signature-1 hashed-nodes +/ /configurations/conf-1 /images/fdt-1 /images/fdt-1/hash /images/kernel /images/kernel/hash-1 This gives us a bit of a look into the signature that mkimage added. Note you can also use fdtdump to list the entire device tree. Say we want to change the kernel that this configuration uses -(/images/kernel@1). We could just put a new kernel in the image, but we will +(/images/kernel). We could just put a new kernel in the image, but we will need to change the hash to match. Let's simulate that by changing a byte of the hash: - fdtget -tx image.fit /images/kernel@1/hash@1 value + fdtget -tx image.fit /images/kernel/hash-1 value c9436464 6427e10f 423837e5 59898ef0 2c97b988 - fdtput -tx image.fit /images/kernel@1/hash@1 value c9436464 6427e10f 423837e5 59898ef0 2c97b981 + fdtput -tx image.fit /images/kernel/hash-1 value c9436464 6427e10f 423837e5 59898ef0 2c97b981 Now check it again: @@ -437,7 +437,7 @@ configuration. But that won't work since you are not allowed to change the configuration in any way. Try it with a fresh (valid) image if you like by running the mkimage link again. Then: - fdtput -p image.fit /configurations/conf@1/signature@2 value fred + fdtput -p image.fit /configurations/conf-1/signature-1 value fred $UOUT/tools/fit_check_sign -f image.fit -k am335x-boneblack-pubkey.dtb Verifying Hash Integrity ... - sha1,rsa2048:devrsa_verify_with_keynode: RSA failed to verify: -13 @@ -521,9 +521,9 @@ U-Boot# ext2load mmc 0:2 82000000 /boot/image.fit 7824930 bytes read in 589 ms (12.7 MiB/s) U-Boot# bootm 82000000 ## Loading kernel from FIT Image at 82000000 ... - Using 'conf@1' configuration + Using 'conf-1' configuration Verifying Hash Integrity ... sha1,rsa2048:dev+ OK - Trying 'kernel@1' kernel subimage + Trying 'kernel' kernel subimage Description: unavailable Created: 2014-06-01 19:32:54 UTC Type: Kernel Image @@ -538,8 +538,8 @@ U-Boot# bootm 82000000 Hash value: c94364646427e10f423837e559898ef02c97b988 Verifying Hash Integrity ... sha1+ OK ## Loading fdt from FIT Image at 82000000 ... - Using 'conf@1' configuration - Trying 'fdt@1' fdt subimage + Using 'conf-1' configuration + Trying 'fdt-1' fdt subimage Description: beaglebone-black Created: 2014-06-01 19:32:54 UTC Type: Flat Device Tree diff --git a/doc/uImage.FIT/command_syntax_extensions.txt b/doc/uImage.FIT/command_syntax_extensions.txt index 676f992f90..6a99089ab5 100644 --- a/doc/uImage.FIT/command_syntax_extensions.txt +++ b/doc/uImage.FIT/command_syntax_extensions.txt @@ -138,31 +138,31 @@ unit. Examples: -- boot kernel "kernel@1" stored in a new uImage located at 200000: -bootm 200000:kernel@1 +- boot kernel "kernel-1" stored in a new uImage located at 200000: +bootm 200000:kernel-1 -- boot configuration "cfg@1" from a new uImage located at 200000: -bootm 200000#cfg@1 +- boot configuration "cfg-1" from a new uImage located at 200000: +bootm 200000#cfg-1 -- boot configuration "cfg@1" with extra "cfg@2" from a new uImage located +- boot configuration "cfg-1" with extra "cfg-2" from a new uImage located at 200000: -bootm 200000#cfg@1#cfg@2 +bootm 200000#cfg-1#cfg-2 -- boot "kernel@1" from a new uImage at 200000 with initrd "ramdisk@2" found in +- boot "kernel-1" from a new uImage at 200000 with initrd "ramdisk-2" found in some other new uImage stored at address 800000: -bootm 200000:kernel@1 800000:ramdisk@2 +bootm 200000:kernel-1 800000:ramdisk-2 -- boot "kernel@2" from a new uImage at 200000, with initrd "ramdisk@1" and FDT - "fdt@1", both stored in some other new uImage located at 800000: -bootm 200000:kernel@1 800000:ramdisk@1 800000:fdt@1 +- boot "kernel-2" from a new uImage at 200000, with initrd "ramdisk-1" and FDT + "fdt-1", both stored in some other new uImage located at 800000: +bootm 200000:kernel-1 800000:ramdisk-1 800000:fdt-1 -- boot kernel "kernel@2" with initrd "ramdisk@2", both stored in a new uImage +- boot kernel "kernel-2" with initrd "ramdisk-2", both stored in a new uImage at address 200000, with a raw FDT blob stored at address 600000: -bootm 200000:kernel@2 200000:ramdisk@2 600000 +bootm 200000:kernel-2 200000:ramdisk-2 600000 -- boot kernel "kernel@2" from new uImage at 200000 with FDT "fdt@1" from the +- boot kernel "kernel-2" from new uImage at 200000 with FDT "fdt-1" from the same new uImage: -bootm 200000:kernel@2 - 200000:fdt@1 +bootm 200000:kernel-2 - 200000:fdt-1 Note on current image address @@ -186,16 +186,16 @@ current image address is to be used. For example, consider the following commands: tftp 200000 /tftpboot/uImage -bootm :kernel@1 +bootm :kernel-1 Last command is equivalent to: -bootm 200000:kernel@1 +bootm 200000:kernel-1 tftp 200000 /tftpboot/uImage -bootm 400000:kernel@1 :ramdisk@1 +bootm 400000:kernel-1 :ramdisk-1 Last command is equivalent to: -bootm 400000:kernel@1 400000:ramdisk@1 +bootm 400000:kernel-1 400000:ramdisk-1 tftp 200000 /tftpboot/uImage -bootm :kernel@1 400000:ramdisk@1 :fdt@1 +bootm :kernel-1 400000:ramdisk-1 :fdt-1 Last command is equivalent to: -bootm 200000:kernel@1 400000:ramdisk@1 400000:fdt@1 +bootm 200000:kernel-1 400000:ramdisk-1 400000:fdt-1 diff --git a/doc/uImage.FIT/howto.txt b/doc/uImage.FIT/howto.txt index 2988a52aa1..8592719685 100644 --- a/doc/uImage.FIT/howto.txt +++ b/doc/uImage.FIT/howto.txt @@ -86,7 +86,7 @@ $ $ mkimage -l kernel.itb FIT description: Simple image with single Linux kernel Created: Tue Mar 11 17:26:15 2008 - Image 0 (kernel@1) + Image 0 (kernel) Description: Vanilla Linux kernel Type: Kernel Image Compression: gzip compressed @@ -99,10 +99,10 @@ Created: Tue Mar 11 17:26:15 2008 Hash value: 2ae2bb40 Hash algo: sha1 Hash value: 3c200f34e2c226ddc789240cca0c59fc54a67cf4 - Default Configuration: 'config@1' - Configuration 0 (config@1) + Default Configuration: 'config-1' + Configuration 0 (config-1) Description: Boot Linux kernel - Kernel: kernel@1 + Kernel: kernel The resulting image file kernel.itb can be now transferred to the target, @@ -130,7 +130,7 @@ Bytes transferred = 944464 (e6950 hex) FIT image found FIT description: Simple image with single Linux kernel Created: 2008-03-11 16:26:15 UTC - Image 0 (kernel@1) + Image 0 (kernel) Description: Vanilla Linux kernel Type: Kernel Image Compression: gzip compressed @@ -144,15 +144,15 @@ Bytes transferred = 944464 (e6950 hex) Hash value: 2ae2bb40 Hash algo: sha1 Hash value: 3c200f34e2c226ddc789240cca0c59fc54a67cf4 - Default Configuration: 'config@1' - Configuration 0 (config@1) + Default Configuration: 'config-1' + Configuration 0 (config-1) Description: Boot Linux kernel - Kernel: kernel@1 + Kernel: kernel => bootm ## Booting kernel from FIT Image at 00900000 ... - Using 'config@1' configuration - Trying 'kernel@1' kernel subimage + Using 'config-1' configuration + Trying 'kernel' kernel subimage Description: Vanilla Linux kernel Type: Kernel Image Compression: gzip compressed @@ -196,7 +196,7 @@ $ $ mkimage -l kernel_fdt.itb FIT description: Simple image with single Linux kernel and FDT blob Created: Tue Mar 11 16:29:22 2008 - Image 0 (kernel@1) + Image 0 (kernel) Description: Vanilla Linux kernel Type: Kernel Image Compression: gzip compressed @@ -209,7 +209,7 @@ Created: Tue Mar 11 16:29:22 2008 Hash value: 2c0cc807 Hash algo: sha1 Hash value: 264b59935470e42c418744f83935d44cdf59a3bb - Image 1 (fdt@1) + Image 1 (fdt-1) Description: Flattened Device Tree blob Type: Flat Device Tree Compression: uncompressed @@ -219,11 +219,11 @@ Created: Tue Mar 11 16:29:22 2008 Hash value: 0d655d71 Hash algo: sha1 Hash value: 25ab4e15cd4b8a5144610394560d9c318ce52def - Default Configuration: 'conf@1' - Configuration 0 (conf@1) + Default Configuration: 'conf-1' + Configuration 0 (conf-1) Description: Boot Linux kernel with FDT blob - Kernel: kernel@1 - FDT: fdt@1 + Kernel: kernel + FDT: fdt-1 The resulting image file kernel_fdt.itb can be now transferred to the target, @@ -245,7 +245,7 @@ Bytes transferred = 1109776 (10ef10 hex) FIT image found FIT description: Simple image with single Linux kernel and FDT blob Created: 2008-03-11 15:29:22 UTC - Image 0 (kernel@1) + Image 0 (kernel) Description: Vanilla Linux kernel Type: Kernel Image Compression: gzip compressed @@ -259,7 +259,7 @@ Bytes transferred = 1109776 (10ef10 hex) Hash value: 2c0cc807 Hash algo: sha1 Hash value: 264b59935470e42c418744f83935d44cdf59a3bb - Image 1 (fdt@1) + Image 1 (fdt-1) Description: Flattened Device Tree blob Type: Flat Device Tree Compression: uncompressed @@ -270,15 +270,15 @@ Bytes transferred = 1109776 (10ef10 hex) Hash value: 0d655d71 Hash algo: sha1 Hash value: 25ab4e15cd4b8a5144610394560d9c318ce52def - Default Configuration: 'conf@1' - Configuration 0 (conf@1) + Default Configuration: 'conf-1' + Configuration 0 (conf-1) Description: Boot Linux kernel with FDT blob - Kernel: kernel@1 - FDT: fdt@1 + Kernel: kernel + FDT: fdt-1 => bootm ## Booting kernel from FIT Image at 00900000 ... - Using 'conf@1' configuration - Trying 'kernel@1' kernel subimage + Using 'conf-1' configuration + Trying 'kernel' kernel subimage Description: Vanilla Linux kernel Type: Kernel Image Compression: gzip compressed @@ -295,8 +295,8 @@ Bytes transferred = 1109776 (10ef10 hex) Verifying Hash Integrity ... crc32+ sha1+ OK Uncompressing Kernel Image ... OK ## Flattened Device Tree from FIT Image at 00900000 - Using 'conf@1' configuration - Trying 'fdt@1' FDT blob subimage + Using 'conf-1' configuration + Trying 'fdt-1' FDT blob subimage Description: Flattened Device Tree blob Type: Flat Device Tree Compression: uncompressed diff --git a/doc/uImage.FIT/overlay-fdt-boot.txt b/doc/uImage.FIT/overlay-fdt-boot.txt index 63e47da2a9..dddc4db1a6 100644 --- a/doc/uImage.FIT/overlay-fdt-boot.txt +++ b/doc/uImage.FIT/overlay-fdt-boot.txt @@ -24,7 +24,7 @@ Without using overlays the configuration would be as follows for every case. /dts-v1/; / { images { - kernel@1 { + kernel { data = /incbin/("./zImage"); type = "kernel"; arch = "arm"; @@ -32,32 +32,32 @@ Without using overlays the configuration would be as follows for every case. load = <0x82000000>; entry = <0x82000000>; }; - fdt@1 { + fdt-1 { data = /incbin/("./foo-reva.dtb"); type = "flat_dt"; arch = "arm"; }; - fdt@2 { + fdt-2 { data = /incbin/("./foo-revb.dtb"); type = "flat_dt"; arch = "arm"; }; - fdt@3 { + fdt-3 { data = /incbin/("./foo-reva-bar.dtb"); type = "flat_dt"; arch = "arm"; }; - fdt@4 { + fdt-4 { data = /incbin/("./foo-revb-bar.dtb"); type = "flat_dt"; arch = "arm"; }; - fdt@5 { + fdt-5 { data = /incbin/("./foo-revb-baz.dtb"); type = "flat_dt"; arch = "arm"; }; - fdt@6 { + fdt-6 { data = /incbin/("./foo-revb-bar-baz.dtb"); type = "flat_dt"; arch = "arm"; @@ -67,28 +67,28 @@ Without using overlays the configuration would be as follows for every case. configurations { default = "foo-reva.dtb; foo-reva.dtb { - kernel = "kernel@1"; - fdt = "fdt@1"; + kernel = "kernel"; + fdt = "fdt-1"; }; foo-revb.dtb { - kernel = "kernel@1"; - fdt = "fdt@2"; + kernel = "kernel"; + fdt = "fdt-2"; }; foo-reva-bar.dtb { - kernel = "kernel@1"; - fdt = "fdt@3"; + kernel = "kernel"; + fdt = "fdt-3"; }; foo-revb-bar.dtb { - kernel = "kernel@1"; - fdt = "fdt@4"; + kernel = "kernel"; + fdt = "fdt-4"; }; foo-revb-baz.dtb { - kernel = "kernel@1"; - fdt = "fdt@5"; + kernel = "kernel"; + fdt = "fdt-5"; }; foo-revb-bar-baz.dtb { - kernel = "kernel@1"; - fdt = "fdt@6"; + kernel = "kernel"; + fdt = "fdt-6"; }; }; }; @@ -117,7 +117,7 @@ explosion problem. /dts-v1/; / { images { - kernel@1 { + kernel { data = /incbin/("./zImage"); type = "kernel"; arch = "arm"; @@ -125,31 +125,31 @@ explosion problem. load = <0x82000000>; entry = <0x82000000>; }; - fdt@1 { + fdt-1 { data = /incbin/("./foo.dtb"); type = "flat_dt"; arch = "arm"; load = <0x87f00000>; }; - fdt@2 { + fdt-2 { data = /incbin/("./reva.dtbo"); type = "flat_dt"; arch = "arm"; load = <0x87fc0000>; }; - fdt@3 { + fdt-3 { data = /incbin/("./revb.dtbo"); type = "flat_dt"; arch = "arm"; load = <0x87fc0000>; }; - fdt@4 { + fdt-4 { data = /incbin/("./bar.dtbo"); type = "flat_dt"; arch = "arm"; load = <0x87fc0000>; }; - fdt@5 { + fdt-5 { data = /incbin/("./baz.dtbo"); type = "flat_dt"; arch = "arm"; @@ -160,34 +160,34 @@ explosion problem. configurations { default = "foo-reva.dtb; foo-reva.dtb { - kernel = "kernel@1"; - fdt = "fdt@1", "fdt@2"; + kernel = "kernel"; + fdt = "fdt-1", "fdt-2"; }; foo-revb.dtb { - kernel = "kernel@1"; - fdt = "fdt@1", "fdt@3"; + kernel = "kernel"; + fdt = "fdt-1", "fdt-3"; }; foo-reva-bar.dtb { - kernel = "kernel@1"; - fdt = "fdt@1", "fdt@2", "fdt@4"; + kernel = "kernel"; + fdt = "fdt-1", "fdt-2", "fdt-4"; }; foo-revb-bar.dtb { - kernel = "kernel@1"; - fdt = "fdt@1", "fdt@3", "fdt@4"; + kernel = "kernel"; + fdt = "fdt-1", "fdt-3", "fdt-4"; }; foo-revb-baz.dtb { - kernel = "kernel@1"; - fdt = "fdt@1", "fdt@3", "fdt@5"; + kernel = "kernel"; + fdt = "fdt-1", "fdt-3", "fdt-5"; }; foo-revb-bar-baz.dtb { - kernel = "kernel@1"; - fdt = "fdt@1", "fdt@3", "fdt@4", "fdt@5"; + kernel = "kernel"; + fdt = "fdt-1", "fdt-3", "fdt-4", "fdt-5"; }; bar { - fdt = "fdt@4"; + fdt = "fdt-4"; }; baz { - fdt = "fdt@5"; + fdt = "fdt-5"; }; }; }; diff --git a/doc/uImage.FIT/signature.txt b/doc/uImage.FIT/signature.txt index 2ece4c47de..a765722679 100644 --- a/doc/uImage.FIT/signature.txt +++ b/doc/uImage.FIT/signature.txt @@ -83,7 +83,7 @@ Device Tree Bindings The following properties are required in the FIT's signature node(s) to allow the signer to operate. These should be added to the .its file. Signature nodes sit at the same level as hash nodes and are called -signature@1, signature@2, etc. +signature-1, signature-2, etc. - algo: Algorithm name (e.g. "sha1,rsa2048") @@ -118,9 +118,9 @@ For config bindings, these properties are added by the signer: - hashed-nodes: A list of nodes which were hashed by the signer. Each is a string - the full path to node. A typical value might be: - hashed-nodes = "/", "/configurations/conf@1", "/images/kernel@1", - "/images/kernel@1/hash@1", "/images/fdt@1", - "/images/fdt@1/hash@1"; + hashed-nodes = "/", "/configurations/conf-1", "/images/kernel", + "/images/kernel/hash-1", "/images/fdt-1", + "/images/fdt-1/hash-1"; - hashed-strings: The start and size of the string region of the FIT that was hashed @@ -178,44 +178,44 @@ As an example, consider this FIT: / { images { - kernel@1 { + kernel-1 { data = - signature@1 { + signature-1 { algo = "sha1,rsa2048"; value = <...kernel signature 1...> }; }; - kernel@2 { + kernel-2 { data = - signature@1 { + signature-1 { algo = "sha1,rsa2048"; value = <...kernel signature 2...> }; }; - fdt@1 { + fdt-1 { data = ; - signature@1 { + signature-1 { algo = "sha1,rsa2048"; vaue = <...fdt signature 1...> }; }; - fdt@2 { + fdt-2 { data = ; - signature@1 { + signature-1 { algo = "sha1,rsa2048"; vaue = <...fdt signature 2...> }; }; }; configurations { - default = "conf@1"; - conf@1 { - kernel = "kernel@1"; - fdt = "fdt@1"; + default = "conf-1"; + conf-1 { + kernel = "kernel-1"; + fdt = "fdt-1"; }; - conf@1 { - kernel = "kernel@2"; - fdt = "fdt@2"; + conf-1 { + kernel = "kernel-2"; + fdt = "fdt-2"; }; }; }; @@ -224,18 +224,18 @@ Since both kernels are signed it is easy for an attacker to add a new configuration 3 with kernel 1 and fdt 2: configurations { - default = "conf@1"; - conf@1 { - kernel = "kernel@1"; - fdt = "fdt@1"; + default = "conf-1"; + conf-1 { + kernel = "kernel-1"; + fdt = "fdt-1"; }; - conf@1 { - kernel = "kernel@2"; - fdt = "fdt@2"; + conf-1 { + kernel = "kernel-2"; + fdt = "fdt-2"; }; - conf@3 { - kernel = "kernel@1"; - fdt = "fdt@2"; + conf-3 { + kernel = "kernel-1"; + fdt = "fdt-2"; }; }; @@ -250,49 +250,49 @@ So the above example is adjusted to look like this: / { images { - kernel@1 { + kernel-1 { data = - hash@1 { + hash-1 { algo = "sha1"; value = <...kernel hash 1...> }; }; - kernel@2 { + kernel-2 { data = - hash@1 { + hash-1 { algo = "sha1"; value = <...kernel hash 2...> }; }; - fdt@1 { + fdt-1 { data = ; - hash@1 { + hash-1 { algo = "sha1"; value = <...fdt hash 1...> }; }; - fdt@2 { + fdt-2 { data = ; - hash@1 { + hash-1 { algo = "sha1"; value = <...fdt hash 2...> }; }; }; configurations { - default = "conf@1"; - conf@1 { - kernel = "kernel@1"; - fdt = "fdt@1"; - signature@1 { + default = "conf-1"; + conf-1 { + kernel = "kernel-1"; + fdt = "fdt-1"; + signature-1 { algo = "sha1,rsa2048"; value = <...conf 1 signature...>; }; }; - conf@2 { - kernel = "kernel@2"; - fdt = "fdt@2"; - signature@1 { + conf-2 { + kernel = "kernel-2"; + fdt = "fdt-2"; + signature-1 { algo = "sha1,rsa2048"; value = <...conf 1 signature...>; }; @@ -303,11 +303,11 @@ So the above example is adjusted to look like this: You can see that we have added hashes for all images (since they are no longer signed), and a signature to each configuration. In the above example, -mkimage will sign configurations/conf@1, the kernel and fdt that are -pointed to by the configuration (/images/kernel@1, /images/kernel@1/hash@1, -/images/fdt@1, /images/fdt@1/hash@1) and the root structure of the image +mkimage will sign configurations/conf-1, the kernel and fdt that are +pointed to by the configuration (/images/kernel-1, /images/kernel-1/hash-1, +/images/fdt-1, /images/fdt-1/hash-1) and the root structure of the image (so that it isn't possible to add or remove root nodes). The signature is -written into /configurations/conf@1/signature@1/value. It can easily be +written into /configurations/conf-1/signature-1/value. It can easily be verified later even if the FIT has been signed with other keys in the meantime. diff --git a/doc/uImage.FIT/source_file_format.txt b/doc/uImage.FIT/source_file_format.txt index 88663a161d..d2793a195d 100644 --- a/doc/uImage.FIT/source_file_format.txt +++ b/doc/uImage.FIT/source_file_format.txt @@ -102,15 +102,15 @@ Root node of the uImage Tree should have the following layout: | o images | | - | o image@1 {...} - | o image@2 {...} + | o image-1 {...} + | o image-2 {...} | ... | o configurations - |- default = "conf@1" + |- default = "conf-1" | - o conf@1 {...} - o conf@2 {...} + o conf-1 {...} + o conf-2 {...} ... @@ -142,7 +142,7 @@ Root node of the uImage Tree should have the following layout: This node is a container node for component sub-image nodes. Each sub-node of the '/images' node should have the following layout: - o image@1 + o image-1 |- description = "component sub-image description" |- data = /incbin/("path/to/data/file.bin") |- type = "sub-image type name" @@ -152,8 +152,8 @@ the '/images' node should have the following layout: |- load = <00000000> |- entry = <00000000> | - o hash@1 {...} - o hash@2 {...} + o hash-1 {...} + o hash-2 {...} ... Mandatory properties: @@ -183,14 +183,14 @@ the '/images' node should have the following layout: property of the root node. Mandatory for types: "standalone" and "kernel". Optional nodes: - - hash@1 : Each hash sub-node represents separate hash or checksum + - hash-1 : Each hash sub-node represents separate hash or checksum calculated for node's data according to specified algorithm. 5) Hash nodes ------------- -o hash@1 +o hash-1 |- algo = "hash or checksum algorithm name" |- value = [hash or checksum value] @@ -212,8 +212,8 @@ The 'configurations' node has has the following structure: o configurations |- default = "default configuration sub-node unit name" | - o config@1 {...} - o config@2 {...} + o config-1 {...} + o config-2 {...} ... @@ -231,7 +231,7 @@ o configurations Each configuration has the following structure: -o config@1 +o config-1 |- description = "configuration description" |- kernel = "kernel sub-node unit name" |- ramdisk = "ramdisk sub-node unit name" diff --git a/doc/uImage.FIT/x86-fit-boot.txt b/doc/uImage.FIT/x86-fit-boot.txt index 02238f9df8..88d3460a83 100644 --- a/doc/uImage.FIT/x86-fit-boot.txt +++ b/doc/uImage.FIT/x86-fit-boot.txt @@ -197,7 +197,7 @@ You can take a look at the resulting fit file if you like: $ dumpimage -l image.fit FIT description: Simple image with single Linux kernel on x86 Created: Tue Oct 7 10:57:24 2014 - Image 0 (kernel@1) + Image 0 (kernel) Description: Vanilla Linux kernel Created: Tue Oct 7 10:57:24 2014 Type: Kernel Image @@ -209,7 +209,7 @@ Created: Tue Oct 7 10:57:24 2014 Entry Point: 0x00000000 Hash algo: sha1 Hash value: 446b5163ebfe0fb6ee20cbb7a8501b263cd92392 - Image 1 (setup@1) + Image 1 (setup) Description: Linux setup.bin Created: Tue Oct 7 10:57:24 2014 Type: x86 setup.bin @@ -217,10 +217,10 @@ Created: Tue Oct 7 10:57:24 2014 Data Size: 12912 Bytes = 12.61 kB = 0.01 MB Hash algo: sha1 Hash value: a1f2099cf47ff9816236cd534c77af86e713faad - Default Configuration: 'config@1' - Configuration 0 (config@1) + Default Configuration: 'config-1' + Configuration 0 (config-1) Description: Boot Linux kernel - Kernel: kernel@1 + Kernel: kernel Booting the FIT -- 2.39.5