From patchwork Sun Dec 11 14:54:21 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Pegorer Massimo X-Patchwork-Id: 1714616 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=85.214.62.61; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: legolas.ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=vimar.com header.i=@vimar.com header.a=rsa-sha256 header.s=selector1 header.b=J+Y40Uor; dkim-atps=neutral Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4NVSTY2q5bz23np for ; Mon, 12 Dec 2022 01:54:41 +1100 (AEDT) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 7F9938431A; Sun, 11 Dec 2022 15:54:32 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=quarantine dis=none) header.from=vimar.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (1024-bit key; unprotected) header.d=vimar.com header.i=@vimar.com header.b="J+Y40Uor"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id EE58985376; Sun, 11 Dec 2022 15:54:30 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_MSPIKE_H2,SPF_HELO_PASS, SPF_PASS autolearn=ham autolearn_force=no version=3.4.2 Received: from EUR02-AM0-obe.outbound.protection.outlook.com (mail-am0eur02on2052.outbound.protection.outlook.com [40.107.247.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 237D585225 for ; Sun, 11 Dec 2022 15:54:24 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=quarantine dis=none) header.from=vimar.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=Massimo.Pegorer@vimar.com ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Ov+pZ3Io+uHTbCUbaRJoIlGWdLLMcapgFmogCn8FX33QdzYG6xebHVXcSRf1kD5f8LGi0AE4gXkSLfZwCbn7K8Q2ul2xP2jS3PEAMS4SY3cevrJJvIIKPDW2FABAuZCzOCfK/uDpnXjtZUsGYfZwM7Obb4PHE6edNEBy+lfbbHwjePOPjo0qgYj/oioYrtpKNOKWTyRohGWWfzCd/K0jrqo2HQFI5cMbheR2S/rVJxa6D0fAvns92NmGGts2lJE6Z+5Arl6tIrxp8dDVzaSa8Ecjl6XbXGnW5OKvF30ACWnSJS6+v7y8xxF3bKU+dkWoU2/i8oM4lIM33DF5OdqtnQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=MP7lGguWs7Jl7ysi7AnTBr0zZY/o4RhSH4bhoN5qTEA=; b=MsDMWBTs69urn21GzCaq+GJ0c1ny/ItO9nnrTQv40jRxoU9XrwoIE88xcJ3lZt+GIjrCuWpBiO5nfXOctPl68GlA+MSrhdyBLetzVy35bFTiBzQjuh3b4NI/m7gRFtvW2+CfeP1r1IsVvZlDJOjZP/iuxBhOFMaRK69q5esgeWXXg0iG/o2wz7R7KX+NAafbtR7DB7KJcEuDx11clgbwPYss65d3Ho1TXPxENtn6PTcM993dPHqNpd6p2ssTmlne6va7OYnzYODUC6ww1huqOg4FHB9emBtFfCfsjh4fILngubg+fI0u/A1cNaMO01m1+ki+XEKi0GKAcScBiSokqg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=vimar.com; dmarc=pass action=none header.from=vimar.com; dkim=pass header.d=vimar.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=vimar.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=MP7lGguWs7Jl7ysi7AnTBr0zZY/o4RhSH4bhoN5qTEA=; b=J+Y40Uor0eQDPwwzT2TBliRnXj1WfWDdFX3iq5NSaYt8OrQ3UorzQzYrXA1ioEiIiIF8AMM7R1/64U8O3Wu2ydRoqNZP9XcW+L2AX83xR2FHjQkV7RVIrIWOZOBxiOodqo+EP9Nytqo9RKEx1uUElwc997+lflxQoxk8tS4XXLo= Received: from GV1PR08MB8010.eurprd08.prod.outlook.com (2603:10a6:150:9a::6) by AS2PR08MB10265.eurprd08.prod.outlook.com (2603:10a6:20b:62f::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5924.7; Sun, 11 Dec 2022 14:54:21 +0000 Received: from GV1PR08MB8010.eurprd08.prod.outlook.com ([fe80::4a6a:e198:7d81:c4e]) by GV1PR08MB8010.eurprd08.prod.outlook.com ([fe80::4a6a:e198:7d81:c4e%3]) with mapi id 15.20.5924.008; Sun, 11 Dec 2022 14:54:21 +0000 From: Pegorer Massimo To: Simon Glass , Sean Anderson , "u-boot@lists.denx.de" Subject: [PATCH] mkimage: fit: Support signed configurations in 'auto' FITs Thread-Topic: [PATCH] mkimage: fit: Support signed configurations in 'auto' FITs Thread-Index: AQHZDXBzhL3Ena5yXUGz34vQDQoHVQ== Date: Sun, 11 Dec 2022 14:54:21 +0000 Message-ID: References: In-Reply-To: Accept-Language: it-IT, en-US Content-Language: it-IT X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=vimar.com; x-ms-publictraffictype: Email x-ms-traffictypediagnostic: GV1PR08MB8010:EE_|AS2PR08MB10265:EE_ x-ms-office365-filtering-correlation-id: e09f806d-6fc2-4c71-16cd-08dadb879652 x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: FrXwSNjVmaS+S1ZbEBjWsI3GS44bMD98P8p7kB2UOWZLjlfrXoA7F8cU/jzEPMstE9xlGiQabnD0o0n3A5z5sx25+GGnCeFhriDXYuVslDJd/nLE3Hvly/h8Lz2wTvPNMpqPwmhXFP0oStvg4oRdsP7fWtzd5Zi1lMdkwdUkO4yZ19pssYIyF977y4s4eQZRXm5iGn6FSnzZfBNicJo+ZYW2LsJbV71OTJSAFuNW0LNf9QrspYiQfKSmGLgaXH22nU7R++gaEjdiOPizdEoSk3bNBJwsBMV5ExaXrALj9Aahjj1GXd8EDEAqGtveL5WByz/GCg1xhiH0CN325oAGV91WK0R9sAc2ufKDxlfEhQERP4u+ZfaOmoP97cnW3TyqJ7fnyKFTFjpkfrhGbDPI29hkQHYNoKIpvUX8NAXeuimQqxnOROAv/viQmpdcBya2JS6mvtFvA1+2Tjud14Wk0VqMgFdlj1tGemiFgA92liFFuHZ+LEzXKRk0EbWY492XQcMz4y+MQ5HRr+RDnkOUIUUO5l6e+Lu2ShC9Sr6Rj/rM1opNYa1lFT1/DhgItoanw4W9Y+lPl+4XeXdkEy2JoVrUNWsllyPZzMqtHW5X5fvN1pQCdu6emZjhlwwJD38zXn9sbBrS3mNy+ZGkmoJTqN4xFBePbJ59YpLf8EamqNR+FjOM5qjyyROwMD6m9azUhGaoyPZJGtE/V9RWzHW4kQ== x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:GV1PR08MB8010.eurprd08.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230022)(4636009)(396003)(39850400004)(346002)(376002)(136003)(366004)(451199015)(55016003)(86362001)(33656002)(2906002)(478600001)(9686003)(7696005)(71200400001)(186003)(26005)(52536014)(6506007)(41300700001)(5660300002)(8676002)(8936002)(66556008)(66446008)(76116006)(66476007)(64756008)(110136005)(30864003)(66946007)(316002)(122000001)(38070700005)(38100700002)(83380400001); DIR:OUT; SFP:1101; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?utf-8?q?SDkYBABt14QWxJRQNZC+1RSdfE7n?= =?utf-8?q?FBrRAP+JfACyA5jcPLWzeqAMhzA9Dz8TU/bLJTewvY4pAx+DFFcnzCtS4MbzuURcD?= =?utf-8?q?EHQq6eYwHBmcgSpEFuvKez+lsI93e6IZJ8i3gyG/3ipqKsjopY8NzNT6NBT1GCmkF?= =?utf-8?q?Ep3HsaiDsGhVFI5PtmFXCSvru8FwhFtx7f9sctVEUjCbGSVK/2t99QWq1MaY02W/5?= =?utf-8?q?xbZELPwTKbvhSRH6COR7MUEKZwCi6qc+ZOmobuXCKvvgU46niXAJaM49V/EFhK+N9?= =?utf-8?q?Mz7P3RykumoIk+qPCjYlY0Jm8CTvd1c4tgTQpMVOVVYNYdUxvUAlH3M/qrKMlABaZ?= =?utf-8?q?/Otu/2a2SuZ3/7YfzeJzmnspVwFofsHTBYS6dg5xOb0OgixC+8+Y3+bhSWO883tQQ?= =?utf-8?q?wJ2Q0X0lQsiaWbwxnxpn2EbrO2CzsQf5Nc+CsqBc3midFu5r1qzze8OnIbe61mKzR?= =?utf-8?q?dWYYckDacTycYA6js4msXSlZTClJfChPrONruUNfVuVVEzD4CA9dpkx+Vz1HLkjPh?= =?utf-8?q?jIG8zwXCJr+Z7HHl5Q9h8a1LxQWgXfIR0vuFMRyN6oEvrwKbjX7CqIGy4tkOepwK7?= =?utf-8?q?OYGfzEfX7TVcs4Pzf7BjC/ovzVkh1Fe/bUkFD3cgoaOZHaWD/oX+zEnn2gV584zkL?= =?utf-8?q?UW7FsvmK39ZQEEaoqlXWPRTsKuMGsP63UiJ+qlFtZT8dg3HbN8T5dBzvlEmz5p7/m?= =?utf-8?q?UDIJTN+VYkYWaO2HKKwzhut3YSmR16W1Mmhmn27uVgJk9Rvq0fY4iN1u1ew7GcEVu?= =?utf-8?q?uPH5HT5ZpWcsBOEhXOTYFYjrQHhNrJZOHQHL/A2s2gu3hTqjX4E/TxNIySzfMe3f3?= =?utf-8?q?y936SZsR8zX/K8wEmCHTWfvDmmrAXfxzQw9n2zgospyEFCEI3uLRG6vwx2oznXvTF?= =?utf-8?q?SnvJq2PpstixiveoI1UD1gbGbZQ5BSa7k89hEvysG3MFxX6TJNtUrBqBz8pnVS5/e?= =?utf-8?q?mAhP8CkktbLmXZ0p5V+Y4v7bsxP7BzUpiEI20LnCxfrp0eek9PAR0cH5b9g8rHYCe?= =?utf-8?q?Q1Y3tXIEWY+lb000jXq/keyDF3iHeVvugIQwTdEaxtdZG/nTkd/Pb7/GPyKG3YiCi?= =?utf-8?q?IH0F+MODcyzxkIC0SGXxImuDK24Nl9ADHMfXesCmMb4tDB0be4zBTy8FphkbRLxH3?= =?utf-8?q?E4qc47Qe6KY6usklvUjPfC3q2WxmgwRtpKGtICGu3uHbnB3f389+llN0HCsPwxyHd?= =?utf-8?q?qEHM8qleqgU+WxcI6qGYLjJ9k/nIFJkAuR01DcdXeyLupHpxGVq0b6cHaEFRsE1eO?= =?utf-8?q?BypYxDo6wU6JdQV99INrd2UkUofWlUmXK66OW96nGPQcbknNb4h23twy7FNSMBIy4?= =?utf-8?q?7UdrwrHvpEQWvOQEFlbVr3fPlftAvpDYR4agNQWd3c3fJQUBodpVY09F3FpNmGf8e?= =?utf-8?q?BzPV455GxSiE7tX0P9LX1lWGs4AuYu4o+tmUiwq3mKepGEiTB2XDFfq6wtEvTpgci?= =?utf-8?q?X7Y2kH7hj9VxYdIwohYG0duk4Scp559IGMYa5SSs2zO9yhfUMnKbFeT8uX3omTxuE?= =?utf-8?q?9coCRIh5z76T?= MIME-Version: 1.0 X-OriginatorOrg: vimar.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: GV1PR08MB8010.eurprd08.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: e09f806d-6fc2-4c71-16cd-08dadb879652 X-MS-Exchange-CrossTenant-originalarrivaltime: 11 Dec 2022 14:54:21.4751 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: a1f008bc-d59b-4c66-8f87-60fd9af15c7f X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: dicH7GVq41efcg+RDUsyhJWnVy018WkNbnO/gJ0bbqdDZS3+iqykYJMYMOmrXtyUiEKu1wZmtSuHAvXaC1x/O4J/lw5Yvwg6zGy1bn2IKB0= X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS2PR08MB10265 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.6 at phobos.denx.de X-Virus-Status: Clean Hi, The patch follows, as per discussion in email thread "Patch proposal - mkimage: fit: Support signed conf 'auto' FITs". Let me know if you prefer something to be changed, or patch to be split in several commits. I have updated the man page with description of the new feature and examples. Also fixed some wrong or misleading information. === mkimage: fit: Support signed configurations in 'auto' FITs Extend support for signing in auto-generated (-f auto) FIT. Previously, it was possible to get signed 'images' subnodes in the FIT using options -g and -o together with -f auto. This patch allows signing 'configurations' subnodes instead of 'images' ones (which are hashed), using option -f auto-conf instead of -f auto. Adding also -K and -r options, will add public key to file with required = "conf" property. Summary: -f auto => FIT with crc32 images -f auto -g ... -o ... => FIT with signed images -f auto-conf -g ... -o ... => FIT with sha1 images and signed confs Example: FIT with kernel, two device tree files, and signed configurations; public key (needed to verify signatures) is added to u-boot.dtb with required = "conf" property. mkimage -f auto-conf -A arm -O linux -T kernel -C none -a 43e00000 \ -e 0 -d vmlinuz -b /path/to/first.dtb -b /path/to/second.dtb \ -k /folder/with/key-files -g keyname -o sha256,rsa4096 \ -K u-boot.dtb -r kernel.itb Example: Add public key with required = "conf" property to u-boot.dtb without needing to sign anything. This will also create a useless FIT named unused.itb. mkimage -f auto-conf -d /dev/null -k /folder/with/key-files \ -g keyname -o sha256,rsa4096 -K u-boot.dtb -r unused.itb Signed-off-by: Massimo Pegorer --- doc/mkimage.1 | 119 ++++++++++++++++++++++++++++++++-------------- tools/fit_image.c | 75 +++++++++++++++++++---------- tools/imagetool.h | 10 +++- tools/mkimage.c | 23 +++++++-- 4 files changed, 160 insertions(+), 67 deletions(-) diff --git a/doc/mkimage.1 b/doc/mkimage.1 index 353ea8b2f7..d8727ec73c 100644 --- a/doc/mkimage.1 +++ b/doc/mkimage.1 @@ -22,7 +22,8 @@ mkimage \- generate images for U-Boot .SY mkimage .RI [ option\~ .\|.\|.\&] .BI \-f\~ image-tree-source-file\c -.RB | auto +.RB | auto\c +.RB | auto-conf .I image-file-name .YS . @@ -296,9 +297,9 @@ FIT. See for details on using external data. . .TP -\fB\-f \fIimage-tree-source-file\fR | \fBauto +\fB\-f \fIimage-tree-source-file\fR | \fBauto\fR | \fBauto-conf .TQ -\fB\-\-fit \fIimage-tree-source-file\fR | \fBauto +\fB\-\-fit \fIimage-tree-source-file\fR | \fBauto\fR | \fBauto-conf Image tree source file that describes the structure and contents of the FIT image. .IP @@ -317,7 +318,25 @@ and options may be used to specify the image to include in the FIT and its attributes. No .I image-tree-source-file -is required. +is required. The +.BR \-g , +.BR \-o , +and +.B \-k +or +.B \-G +options may be used to get \(oqimages\(cq signed subnodes in the generated +auto FIT. Instead, to get \(oqconfigurations\(cq signed subnodes and +\(oqimages\(cq hashed subnodes, pass +.BR "\-f auto-conf". +In this case +.BR \-g , +.BR \-o , +and +.B \-k +or +.B \-G +are mandatory options. . .TP .B \-F @@ -348,16 +367,16 @@ for use with signing, and a certificate necessary when embedding it into another device tree using .BR \-K . .I name -defaults to the value of the signature node's \(oqkey-name-hint\(cq property, -but may be overridden using -.BR \-g . +is the value of the signature node's \(oqkey-name-hint\(cq property. . .TP .BI \-G " key-file" .TQ .BI \-\-key\-file " key-file" Specifies the private key file to use when signing. This option may be used -instead of \-k. +instead of \-k. Useful when the private key file basename does not match +\(oqkey-name-hint\(cq value. But note that it may lead to unexpected results +when used together with -K and/or -k options. . .TP .BI \-K " key-destination" @@ -373,49 +392,50 @@ CONFIG_OF_CONTROL in U-Boot. .BI \-g " key-name-hint" .TQ .BI \-\-key\-name\-hint " key-name-hint" -Overrides the signature node's \(oqkey-name-hint\(cq property. This is -especially useful when signing an image with -.BR "\-f auto" . -This is the -.I name -part of the key. The directory part is set by -.BR \-k . -This option also indicates that the images included in the FIT should be signed. -If this option is specified, then +Specifies the value of signature node \(oqkey-name-hint\(cq property for +an automatically generated FIT image. It makes sense only when used with +.B "\-f auto" +or +.BR "\-f auto-conf". +This option also indicates that the images or configurations included in +the FIT should be signed. If this option is specified, then .B \-o must be specified as well. . .TP -.BI \-o " crypto" , checksum +.BI \-o " checksum" , crypto .TQ -.BI \-\-algo " crypto" , checksum -Specifies the algorithm to be used for signing a FIT image. The default is -taken from the signature node's \(oqalgo\(cq property. +.BI \-\-algo " checksum" , crypto +Specifies the algorithm to be used for signing a FIT image, overriding value +taken from the signature node \(oqalgo\(cq property in the +.IR image-tree-source-file . +It is mandatory for automatically generated FIT. +.IP The valid values for -.I crypto +.I checksum are: .RS .IP .TS lb. -rsa2048 -rsa3072 -rsa4096 -ecdsa256 +sha1 +sha256 +sha384 +sha512 .TE .RE .IP The valid values for -.I checksum -are +.I crypto +are: .RS .IP .TS lb. -sha1 -sha256 -sha384 -sha512 +rsa2048 +rsa3072 +rsa4096 +ecdsa256 .TE .RE . @@ -423,9 +443,13 @@ sha512 .B \-r .TQ .B \-\-key\-required -Specifies that keys used to sign the FIT are required. This means that they -must be verified for the image to boot. Without this option, the verification -will be optional (useful for testing but not for release). +Specifies that keys used to sign the FIT are required. This means that images +or configurations signatures must be verified before using them (i.e. to +boot). Without this option, the verification will be optional (useful for +testing but not for release). It makes sense only when used with +.BR \-K. +When both, images and configurations, are signed, \(oqrequired\(cq property +value will be "conf". . .TP .BI \-N " engine" @@ -716,7 +740,7 @@ skipping those for which keys cannot be found. Also add a comment. .EE .RE .P -Add public keys to u\-boot.dtb without needing a FIT to sign. This will also +Add public key to u\-boot.dtb without needing a FIT to sign. This will also create a FIT containing an images node with no data named unused.itb. .RS .P @@ -726,6 +750,16 @@ create a FIT containing an images node with no data named unused.itb. .EE .RE .P +Add public key with required = "conf" property to u\-boot.dtb without needing +a FIT to sign. This will also create a useless FIT named unused.itb. +.RS +.P +.EX +\fBmkimage \-f auto-conf \-d /dev/null \-k /public/signing\-keys \-g dev \\ + \-o sha256,rsa2048 \-K u\-boot.dtb -r unused.itb +.EE +.RE +.P Update an existing FIT image, signing it with additional keys. Add corresponding public keys into u\-boot.dtb. This will resign all images with keys that are available in the new directory. Images that request signing @@ -768,6 +802,19 @@ file is required. \-d vmlinuz \-k /secret/signing\-keys \-g dev \-o sha256,rsa2048 kernel.itb .EE .RE +.P +Create a FIT image containing a kernel and some device tree files, signing +each configuration, using automatic mode. Moreover, the public key needed to +verify signatures is added to u\-boot.dtb with required = "conf" property. +.RS +.P +.EX +\fBmkimage \-f auto-conf \-A arm \-O linux \-T kernel \-C none \-a 43e00000 \\ + \-e 0 \-d vmlinuz \-b /path/to/file\-1.dtb \-b /path/to/file\-2.dtb \\ + \-k /folder/with/signing\-keys \-g dev \-o sha256,rsa2048 \\ + \-K u\-boot.dtb -r kernel.itb +.EE +.RE . .SH SEE ALSO .BR dtc (1), diff --git a/tools/fit_image.c b/tools/fit_image.c index 923a9755b7..d15a377779 100644 --- a/tools/fit_image.c +++ b/tools/fit_image.c @@ -199,36 +199,59 @@ static void get_basename(char *str, int size, const char *fname) } /** - * add_hash_node() - Add a hash or signature node + * fit_add_hash_or_sign() - Add a hash or signature node * * @params: Image parameters * @fdt: Device tree to add to (in sequential-write mode) + * @is_images_subnode: true to add hash even if key name hint is provided * - * If there is a key name hint, try to sign the images. Otherwise, just add a - * CRC. - * - * Return: 0 on success, or -1 on failure + * If do_add_hash is false (default) and there is a key name hint, try to add + * a sign node to parent. Otherwise, just add a CRC. Rationale: if conf have + * to be signed, image/dt have to be hashed even if there is a key name hint. */ -static int add_hash_node(struct image_tool_params *params, void *fdt) +static void fit_add_hash_or_sign(struct image_tool_params *params, void *fdt, + bool is_images_subnode) { - if (params->keyname) { - if (!params->algo_name) { - fprintf(stderr, - "%s: Algorithm name must be specified\n", - params->cmdname); - return -1; + const char *hash_algo = "crc32"; + bool do_hash = false; + bool do_sign = false; + + switch (params->auto_fit) { + case AF_OFF: + break; + case AF_HASHED_IMG: + do_hash = is_images_subnode; + break; + case AF_SIGNED_IMG: + do_sign = is_images_subnode; + break; + case AF_SIGNED_CONF: + if (is_images_subnode) { + do_hash = true; + hash_algo = "sha1"; + } else { + do_sign = true; } + break; + default: + fprintf(stderr, + "%s: Unsupported auto FIT mode %u\n", + params->cmdname, params->auto_fit); + break; + } + + if (do_hash) { + fdt_begin_node(fdt, FIT_HASH_NODENAME); + fdt_property_string(fdt, FIT_ALGO_PROP, hash_algo); + fdt_end_node(fdt); + } - fdt_begin_node(fdt, "signature-1"); + if (do_sign) { + fdt_begin_node(fdt, FIT_SIG_NODENAME); fdt_property_string(fdt, FIT_ALGO_PROP, params->algo_name); fdt_property_string(fdt, FIT_KEY_HINT, params->keyname); - } else { - fdt_begin_node(fdt, "hash-1"); - fdt_property_string(fdt, FIT_ALGO_PROP, "crc32"); + fdt_end_node(fdt); } - - fdt_end_node(fdt); - return 0; } /** @@ -269,9 +292,7 @@ static int fit_write_images(struct image_tool_params *params, char *fdt) ret = fdt_property_file(params, fdt, FIT_DATA_PROP, params->datafile); if (ret) return ret; - ret = add_hash_node(params, fdt); - if (ret) - return ret; + fit_add_hash_or_sign(params, fdt, true); fdt_end_node(fdt); /* Now the device tree files if available */ @@ -294,7 +315,7 @@ static int fit_write_images(struct image_tool_params *params, char *fdt) genimg_get_arch_short_name(params->arch)); fdt_property_string(fdt, FIT_COMP_PROP, genimg_get_comp_short_name(IH_COMP_NONE)); - ret = add_hash_node(params, fdt); + fit_add_hash_or_sign(params, fdt, true); if (ret) return ret; fdt_end_node(fdt); @@ -314,7 +335,7 @@ static int fit_write_images(struct image_tool_params *params, char *fdt) params->fit_ramdisk); if (ret) return ret; - ret = add_hash_node(params, fdt); + fit_add_hash_or_sign(params, fdt, true); if (ret) return ret; fdt_end_node(fdt); @@ -366,6 +387,7 @@ static void fit_write_configs(struct image_tool_params *params, char *fdt) snprintf(str, sizeof(str), FIT_FDT_PROP "-%d", upto); fdt_property_string(fdt, FIT_FDT_PROP, str); + fit_add_hash_or_sign(params, fdt, false); fdt_end_node(fdt); } @@ -378,6 +400,7 @@ static void fit_write_configs(struct image_tool_params *params, char *fdt) if (params->fit_ramdisk) fdt_property_string(fdt, FIT_RAMDISK_PROP, FIT_RAMDISK_PROP "-1"); + fit_add_hash_or_sign(params, fdt, false); fdt_end_node(fdt); } @@ -721,7 +744,7 @@ static int fit_handle_file(struct image_tool_params *params) sprintf (tmpfile, "%s%s", params->imagefile, MKIMAGE_TMPFILE_SUFFIX); /* We either compile the source file, or use the existing FIT image */ - if (params->auto_its) { + if (params->auto_fit) { if (fit_build(params, tmpfile)) { fprintf(stderr, "%s: failed to build FIT\n", params->cmdname); @@ -905,7 +928,7 @@ static int fit_extract_contents(void *ptr, struct image_tool_params *params) static int fit_check_params(struct image_tool_params *params) { - if (params->auto_its) + if (params->auto_fit) return 0; return ((params->dflag && params->fflag) || (params->fflag && params->lflag) || diff --git a/tools/imagetool.h b/tools/imagetool.h index ca7c2e48ba..fdceea46c0 100644 --- a/tools/imagetool.h +++ b/tools/imagetool.h @@ -39,6 +39,14 @@ struct content_info { const char *fname; }; +/* FIT auto generation modes */ +enum af_mode { + AF_OFF = 0, /* Needs .its or existing FIT to be provided */ + AF_HASHED_IMG, /* Auto FIT with crc32 hashed images subnodes */ + AF_SIGNED_IMG, /* Auto FIT with signed images subnodes */ + AF_SIGNED_CONF, /* Auto FIT with sha1 images and signed configs */ +}; + /* * This structure defines all such variables those are initialized by * mkimage and dumpimage main core and need to be referred by image @@ -79,7 +87,7 @@ struct image_tool_params { int require_keys; /* 1 to mark signing keys as 'required' */ int file_size; /* Total size of output file */ int orig_file_size; /* Original size for file before padding */ - bool auto_its; /* Automatically create the .its file */ + enum af_mode auto_fit; /* Automatically create the FIT */ int fit_image_type; /* Image type to put into the FIT */ char *fit_ramdisk; /* Ramdisk file to include */ struct content_info *content_head; /* List of files to include */ diff --git a/tools/mkimage.c b/tools/mkimage.c index 30c6df7708..75b72420b9 100644 --- a/tools/mkimage.c +++ b/tools/mkimage.c @@ -104,7 +104,7 @@ static void usage(const char *msg) " -v ==> verbose\n", params.cmdname); fprintf(stderr, - " %s [-D dtc_options] [-f fit-image.its|-f auto|-F] [-b [-b ]] [-E] [-B size] [-i ] fit-image\n" + " %s [-D dtc_options] [-f fit-image.its|-f auto|-f auto-conf|-F] [-b [-b ]] [-E] [-B size] [-i ] fit-image\n" " file is used with -f auto, it may occur multiple times.\n", params.cmdname); fprintf(stderr, @@ -271,7 +271,10 @@ static void process_args(int argc, char **argv) break; case 'f': datafile = optarg; - params.auto_its = !strcmp(datafile, "auto"); + if (!strcmp(datafile, "auto")) + params.auto_fit = AF_HASHED_IMG; + else if (!strcmp(datafile, "auto-conf")) + params.auto_fit = AF_SIGNED_CONF; /* fallthrough */ case 'F': /* @@ -283,6 +286,7 @@ static void process_args(int argc, char **argv) break; case 'g': params.keyname = optarg; + break; case 'G': params.keyfile = optarg; break; @@ -370,6 +374,17 @@ static void process_args(int argc, char **argv) if (optind < argc) params.imagefile = argv[optind]; + if (params.auto_fit == AF_SIGNED_CONF) { + if (!params.keyname || !params.algo_name) + usage("Auto FIT with signed configs requires -f auto-conf " + "-g -o "); + } else if (params.auto_fit == AF_HASHED_IMG && params.keyname) { + params.auto_fit = AF_SIGNED_IMG; + if (!params.algo_name) + usage("Auto FIT with signed images requires -f auto " + "-g -o "); + } + /* * For auto-generated FIT images we need to know the image type to put * in the FIT, which is separate from the file's image type (which @@ -377,8 +392,8 @@ static void process_args(int argc, char **argv) */ if (params.type == IH_TYPE_FLATDT) { params.fit_image_type = type ? type : IH_TYPE_KERNEL; - /* For auto_its, datafile is always 'auto' */ - if (!params.auto_its) + /* For auto-FIT, datafile has to be provided with -d */ + if (!params.auto_fit) params.datafile = datafile; else if (!params.datafile) usage("Missing data file for auto-FIT (use -d)");