aboutsummaryrefslogtreecommitdiff
path: root/tools/kwbimage.c
AgeCommit message (Collapse)Author
2019-05-03kwbimage: fixing the issue with proper return code checkingYoung Xiao
EVP_VerifyFinal would return one of three values: 1 if the data is verified to be correct; 0 if it is incorrect; -1 if there is any failure in the verification process. The varification in unpatched version is wrong, since it ignored the return value of -1. The bug allows a malformed signature to be treated as a good signature rather than as an error. This issue affects the signature checks on DSA ans ECDSA keys used with SSL/TLS. This issue is similar to CVE-2008-5077, CVE-2009-0021, CVE-2009-0025, CVE-2009-0046 ~ CVE-2009-0049. Signed-off-by: Young Xiao <92siuyang@gmail.com> Signed-off-by: Stefan Roese <sr@denx.de>
2019-04-12tools: kwbimage: don't adjust for image_header for Armada MSYSChris Packham
For the time being the Armada MSYS SoCs need to use the bin_hdr from the Marvell U-Boot. Because of this the binary.0 does not contain the image header that a proper u-boot SPL would so the adjustment introduced by commit 94084eea3bd3 ("tools: kwbimage: Fix dest addr") does not apply. Signed-off-by: Chris Packham <judge.packham@gmail.com> Reviewed-by: Stefan Roese <sr@denx.de> Signed-off-by: Stefan Roese <sr@denx.de>
2018-05-07SPDX: Convert all of our single license tags to Linux Kernel styleTom Rini
When U-Boot started using SPDX tags we were among the early adopters and there weren't a lot of other examples to borrow from. So we picked the area of the file that usually had a full license text and replaced it with an appropriate SPDX-License-Identifier: entry. Since then, the Linux Kernel has adopted SPDX tags and they place it as the very first line in a file (except where shebangs are used, then it's second line) and with slightly different comment styles than us. In part due to community overlap, in part due to better tag visibility and in part for other minor reasons, switch over to that style. This commit changes all instances where we have a single declared license in the tag as both the before and after are identical in tag contents. There's also a few places where I found we did not have a tag and have introduced one. Signed-off-by: Tom Rini <trini@konsulko.com>
2018-03-30kwbimage: Fix out of bounds accessAlexander Graf
The kwbimage format is reading beyond its header structure if it misdetects a Xilinx Zynq image and tries to read it. Fix it by sanity checking that the header we want to read fits inside our file size. Signed-off-by: Alexander Graf <agraf@suse.de> Tested-by: Michal Simek <michal.simek@xilinx.com> Reviewed-by: Stefan Roese <sr@denx.de> Signed-off-by: Stefan Roese <sr@denx.de>
2018-02-23tools/kwbimage: fix LibreSSL buildJonathan Gray
Fix build after addition of RSA_get0_key() to LibreSSL. Patch from Theo Buehler and Stuart Henderson. Signed-off-by: Theo Buehler <tb@openbsd.org> Signed-off-by: Stuart Henderson <sthen@openbsd.org>
2017-07-12tools/kwbimage: fix v1 header verificationBaruch Siach
The verify_header callback in kwbimage.c only verifies v0 headers checksum. Running 'mkimage -l' on a v1 image gives the following misleading output: GP Header: Size ae000000 LoadAddr 34160600 Implement support for v1 headers. For that, factor out the header checksum code to a separate main_hdr_checksum_ok() routine. This routine relies on the fact that the checksum field offset is the same in both v0 and v1 headers. With this patch applied 'mkimage -l' correctly identifies the image: Image Type: MVEBU Boot from sdio Image Image version:1 Data Size: 398904 Bytes = 389.55 KiB = 0.38 MiB Load Address: 007fffc0 Entry Point: 00800000 Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Stefan Roese <sr@denx.de>
2017-06-09tools/kwbimage: Support building with LibreSSLMarek Behún
The kwbimage utility fails to compile when LibreSSL is present on the host system instead of OpenSSL. This one-line patch resolves this. Signed-off-by: Marek Behun <marek.behun@nic.cz>
2017-05-31arm: mvebu: kwbimage: inline function to fix use-after-freePatrick Wildt
image_version_file()'s only use is to return the version number of the specified image, and it's only called by kwbimage_generate(). This version function mallocs "image_cfg" and reads the contents of the image into that buffer. Before return to its caller it frees the buffer. After extracting the version, kwb_image_generate() tries to calculate the header size by calling image_headersz_v1(). This function now accesses "image_cfg", which has already been freed. Since image_version_file() is only used by a single function, inline it into kwbimage_generate() and only free the buffer after it is no longer needed. This also improves code readability since the code is mostly equal to kwbimage_set_header(). Signed-off-by: Patrick Wildt <patrick@blueri.se> Signed-off-by: Stefan Roese <sr@denx.de>
2017-05-12tools: kwbimage fix build with OpenSSL 1.1.xJelle van der Waa
The rsa_st struct has been made opaque in 1.1.x, add forward compatible code to access the n, e, d members of rsa_struct. EVP_MD_CTX_cleanup has been removed in 1.1.x and EVP_MD_CTX_reset should be called to reinitialise an already created structure. Signed-off-by: Jelle van der Waa <jelle@vdwaa.nl>
2017-02-17tools: kwbimage: Fix unchecked return value and fd leakMario Six
The return value of fstat was not checked in kwbimage, and in the case of an error, the already open file was not closed. Fix both errors. Reported-by: Coverity (CID: 155971) Reported-by: Coverity (CID: 155969) Signed-off-by: Mario Six <mario.six@gdsys.cc> Signed-off-by: Stefan Roese <sr@denx.de>
2017-02-01arm: mvebu: Implement secure bootMario Six
The patch implements secure booting for the mvebu architecture. This includes: - The addition of secure headers and all needed signatures and keys in mkimage - Commands capable of writing the board's efuses to both write the needed cryptographic data and enable the secure booting mechanism - The creation of convenience text files containing the necessary commands to write the efuses The KAK and CSK keys are expected to reside in the files kwb_kak.key and kwb_csk.key (OpenSSL 2048 bit private keys) in the top-level directory. Signed-off-by: Reinhard Pfau <reinhard.pfau@gdsys.cc> Signed-off-by: Mario Six <mario.six@gdsys.cc> Reviewed-by: Stefan Roese <sr@denx.de> Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Stefan Roese <sr@denx.de>
2017-02-01tools: kwbimage: Refactor line parsing and fix errorMario Six
The function image_create_config_parse_oneline is pretty complex, and since more parameters will be added to support secure booting, we refactor the function to make it more readable. Also, when a line contained just a keyword without any parameters, strtok_r returned NULL, which was then indiscriminately fed into atoi, causing a segfault. To correct this, we add a NULL check before feeding the extracted token to atoi, and print an error message in case the token is NULL. Signed-off-by: Mario Six <mario.six@gdsys.cc> Reviewed-by: Stefan Roese <sr@denx.de> Signed-off-by: Stefan Roese <sr@denx.de>
2017-02-01tools: kwbimage: Factor out add_binary_header_v1Mario Six
In preparation of adding the creation of secure headers, we factor the add_binary_header_v1 function out of the image_create_v1 function. Signed-off-by: Mario Six <mario.six@gdsys.cc> Reviewed-by: Stefan Roese <sr@denx.de> Signed-off-by: Stefan Roese <sr@denx.de>
2017-02-01tools: kwbimage: Remove unused parameterMario Six
The parameter 'params' of the image_headersz_v1 function is never used by the function. Hence, remove it. Signed-off-by: Mario Six <mario.six@gdsys.cc> Reviewed-by: Stefan Roese <sr@denx.de> Signed-off-by: Stefan Roese <sr@denx.de>
2017-02-01tools: kwbimage: Reduce scope of variablesMario Six
This patch reduces the scope of some variables. Signed-off-by: Mario Six <mario.six@gdsys.cc> Reviewed-by: Stefan Roese <sr@denx.de> Signed-off-by: Stefan Roese <sr@denx.de>
2017-02-01tools: kwbimage: Fix arithmetic with void pointersMario Six
Arithmetic with void pointers, e.g. a - b where both a and b are void pointers, is undefined in the C standard. Since we are operating with byte data here, we switch the void pointers to uint8_t pointers, and add the necessary casts. Signed-off-by: Mario Six <mario.six@gdsys.cc> Reviewed-by: Stefan Roese <sr@denx.de> Signed-off-by: Stefan Roese <sr@denx.de>
2017-02-01tools: kwbimage: Fix style violationsMario Six
Fix some style violations: - nine instances of missing blank lines after declarations - one overly long line - one split string (which also rewords an error message more concisely) - two superfluous else Signed-off-by: Mario Six <mario.six@gdsys.cc> Reviewed-by: Stefan Roese <sr@denx.de> Signed-off-by: Stefan Roese <sr@denx.de>
2017-02-01tools: kwbimage: Fix dest addrMario Six
To enable secure boot, we need to jump back into the BootROM to continue the SoC's boot process instead of letting the SPL load and run the main U-Boot image. But, since the u-boot-spl.img (including the 64 byte header) is loaded by the SoC as the main image, we need to compensate for the header length to get a correct entry point. Thus, we subtract the header size from the destination address, so that the execution address points at the actual entry point of the image. The current boards ignore both parameters anyway, so this change shouldn't concern them. Signed-off-by: Mario Six <mario.six@gdsys.cc> Reviewed-by: Stefan Roese <sr@denx.de> Signed-off-by: Stefan Roese <sr@denx.de>
2016-12-01tools/kwbimage: add DEBUG optionChris Packham
Offset 0x1 in the generated kwb image file is a set of flags, bit 0 enables debug output from the BootROM firmware. Allow a DEBUG option in the kwb configuration to request debug output from the BootROM firmware. Signed-off-by: Chris Packham <judge.packham@gmail.com> Signed-off-by: Stefan Roese <sr@denx.de>
2016-12-01tools/kwbimage: add BAUDRATE optionChris Packham
Offset 0x18 in some Marvell datasheets this field is redacted as "reserved". This offset is actually a set of options and bits 2:0 allow the selection of the UART baudrate. Allow a BAUDRATE option to set the UART baudrate for any messages coming from the BootROM firmware. Signed-off-by: Chris Packham <judge.packham@gmail.com> Signed-off-by: Stefan Roese <sr@denx.de>
2015-11-29tools/kwbimage: fix size computations for v1 imagesReinhard Pfau
Fix computation of haeder size and binary header size. Size of opt header and some 32bit values were not taken into account. This could result in invalid boot images (due to the wrong binary header size, the image could claim to have another extension header after the binary extension although there is none). Use "uint32_t" instead of "unsigned int" for header size computation. Signed-off-by: Reinhard Pfau <reinhard.pfau@gdsys.cc> Reviewed-by: Stefan Roese <sr@denx.de> Cc: Luka Perkov <luka.perkov@sartura.hr>
2015-11-29tools/kwbimage: fix endianess issueReinhard Pfau
KWB image header values are in little endian (LE). So adding appropriate cpu_to_leXX() calls to allow building those images on BE hosts, too. Signed-off-by: Reinhard Pfau <reinhard.pfau@gdsys.cc> Reviewed-by: Stefan Roese <sr@denx.de>
2015-11-29tools/kwbimage.c: Make sure that the resulting image is 4-byte alignedStefan Roese
With the dtb added to the main U-Boot image, it can happen, that the resulting image is not 4-byte aligned. As the dtb tends to be unaligned. But the image needs to be 4-byte aligned. At least the Marvell hdrparser tool complains if its unaligned. By returning 1 here in kwbimage_generate(), called via tparams->vrec_header() in mkimage.c, mkimage will automatically pad the resulting image to a 4-byte size if necessary. Signed-off-by: Stefan Roese <sr@denx.de> Cc: Luka Perkov <luka.perkov@sartura.hr> Cc: Dirk Eibach <eibach@gdsys.de>
2015-11-17tools/kwbimage.c: Fix generation of binary headerStefan Roese
The binary header ends with one lword, defining if another header follows this one. This additions 4 bytes need to be taken into account in the generation of the header size. And the complete 4 bytes at the end of this binary header need to get cleared. Signed-off-by: Stefan Roese <sr@denx.de> Cc: Luka Perkov <luka.perkov@sartura.hr> Cc: Kevin Smith <kevin.smith@elecsyscorp.com>
2015-10-21kwbimage: Align payload size to 4 bytesStefan Roese
The MVEBU BootROM does not allow non word aligned payloads. Signed-off-by: Stefan Roese <sr@denx.de> Cc: Luka Perkov <luka.perkov@sartura.hr>
2015-10-01tools: kwboot: Add support for UART boot mode patching for Armada XP/38xStefan Roese
Currently, kwboot only allows dynamic UART boot mode patching for SoCs with header version 0 (Orion, Kirkwood). This patch now enables this "-p" feature also for SoCs with header version 1 (Armada XP / 38x etc). With this its possible now to use the UART boot mode without on images that are generated for other boot devices, like SPI. So no need to change BOOT_FROM to "uart" for UART xmodem booting any more. Signed-off-by: Stefan Roese <sr@denx.de> Tested-by: Kevin Smith <kevin.smith@elecsyscorp.com> Cc: Luka Perkov <luka.perkov@sartura.hr> Cc: Dirk Eibach <eibach@gdsys.de>
2015-07-24kwbimage: Rename CONFIG_SYS_SPI_U_BOOT_OFFS to CONFIG_SYS_U_BOOT_OFFSStefan Roese
To use this offset for other boot device (like SDIO/MMC), lets rename it to a more generic name. This will be used be the SDIO/MMC SPL boot support for the A38x. Signed-off-by: Stefan Roese <sr@denx.de> Cc: Luka Perkov <luka.perkov@sartura.hr> Cc: Dirk Eibach <eibach@gdsys.de>
2015-07-24kwbimage: Add support for SDIO/MMC boot device selectionStefan Roese
This patch adds support to select the "sdio" as boot device in the kwbimage.cfg file. This line selects this SDIO device: BOOT_FROM sdio Tested on Marvell DB-88F6820-GP board. Signed-off-by: Stefan Roese <sr@denx.de> Cc: Luka Perkov <luka.perkov@sartura.hr> Cc: Dirk Eibach <eibach@gdsys.de>
2015-06-14tools/kwbimage.c: Correct header size for SPI bootKevin Smith
If defined, the macro CONFIG_SYS_SPI_U_BOOT_OFFS allows a board to specify the offset of the payload image into the kwb image file. This value was being used to locate the image, but was not used in the "header size" field of the main header. Move the use of this macro into the function that returns the header size so that the same value is used in all places. Signed-off-by: Kevin Smith <kevin.smith@elecsyscorp.com> Tested-by: Stefan Roese <sr@denx.de>
2015-03-05kwbimage: align v1 binary header to 4BChris Packham
According to the Armada-XP documentation the binary header format requires the header length to be aligned to 4B. Signed-off-by: Chris Packham <judge.packham@gmail.com> Acked-by: Stefan Roese <sr@denx.de> Acked-by: Prafulla Wadaskar <prafulla@marvell.com>
2015-02-07kwbimage: Make the Makefile pass in CONFIG_SYS_SPI_U_BOOT_OFFSTom Rini
We can't use config.h directly as some platforms include headers that aren't safe to use in normal Linux userland. Signed-off-by: Tom Rini <trini@ti.com>
2015-02-06tools: kwbimage: Support u-boot.img padding to CONFIG_SYS_SPI_U_BOOT_OFFSStefan Roese
This is used on the AXP boards, to pad u-boot.img to the desired offset in SPI flash (only this boot target supported right now). This offset is used by the SPL then to load u-boot.img into SDRAM and execute it there. Signed-off-by: Stefan Roese <sr@denx.de> Reviewed-by: Luka Perkov <luka.perkov@sartura.hr>
2015-01-29imagetool: replace image registration function by linker_lists featureGuilherme Maciel Ferreira
The registration was introduced in commit f86ed6a8d52c99bb2d17d3cac1647edca0c4399c This commit also removes all registration functions, and the member "next" from image_type_params struct Signed-off-by: Guilherme Maciel Ferreira <guilherme.maciel.ferreira@gmail.com>
2015-01-11tools/kwbimage.c: fix parser error handlingAndreas Bießmann
The two error checks for image_boot_mode_id and image_nand_ecc_mode_id where wrong and would never fail, fix that! This was detected by Apple's clang compiler: ---8<--- HOSTCC tools/kwbimage.o tools/kwbimage.c:553:20: warning: comparison of unsigned expression < 0 is always false [-Wtautological-compare] if (el->bootfrom < 0) { ~~~~~~~~~~~~ ^ ~ tools/kwbimage.c:571:23: warning: comparison of unsigned expression < 0 is always false [-Wtautological-compare] if (el->nandeccmode < 0) { ~~~~~~~~~~~~~~~ ^ ~ 2 warnings generated. --->8--- Signed-off-by: Andreas Bießmann <andreas.devel@googlemail.com> Acked-By: Jeroen Hofstee <jeroen@myspectrum.nl>
2015-01-10fix: tools: kwbimage.c: Initialize headersz to suppress warningŁukasz Majewski
When building with my toolchain (4.8.2): CROSS_COMPILE=/home/lukma/work/ptxdist/toolchains/arm/OSELAS.Toolchain-2013.12.0/arm-v7a-linux-gnueabi/gcc-4.8.2-glibc-2.18-binutils-2.24-kernel-3.12-sanitized/bin/arm-v7a-linux-gnueabi- I see following WARNING: tools/kwbimage.c: In function "kwbimage_set_header": tools/kwbimage.c:803:8: warning: "headersz" may be used uninitialized in this function [-Wmaybe-uninitialized] memcpy(ptr, image, headersz); ^ This fix aims to suppress it. Signed-off-by: Lukasz Majewski <l.majewski@samsung.com> Acked-by: Stefan Roese <sr@denx.de> Acked-by: Heiko Schocher <hs@denx.de>
2014-11-04ARM: kwimage: fix v0 formatGerald Kerma
This patch fix the kwimage tools for version 0 fileformat used for kirkwood Tested on sheevaplug Signed-off-by: Gerald Kerma <drEagle@doukki.net> Tested-by: Stefan Roese <sr@denx.de> Reviewed-by: Stefan Roese <sr@denx.de> Acked-By: Prafulla Wadaskar <prafulla@marvell.com>
2014-10-31tools/kwbimage: Fix compilation warningStefan Roese
This patch fixes a compilation warning of kwbimage.c: tools/kwbimage.c: In function ‘kwbimage_set_header’: tools/kwbimage.c:784:8: warning: ‘headersz’ may be used uninitialized in this function [-Wmaybe-uninitialized] memcpy(ptr, image, headersz); ^ Instead of using multiple if statements, use a switch statement with a default entry. And return with error if an unsupported version is configured in the cfg file. Signed-off-by: Stefan Roese <sr@denx.de> Acked-By: Wolfgang Denk <wd@denx.de>
2014-10-31tools/kwbimage.c: fix build on darwinAndreas Bießmann
kwbimage uses get_current_dir_name(3) which is a gnu extension and not available on darwin host. Fix this by converting to portable getcwd(3) function. This patch fixes the following error: ---8<--- HOSTCC tools/kwbimage.o tools/kwbimage.c:399:16: warning: implicit declaration of function 'get_current_dir_name' is invalid in C99 [-Wimplicit-function-declaration] char *cwd = get_current_dir_name(); ^ tools/kwbimage.c:399:10: warning: incompatible integer to pointer conversion initializing 'char *' with an expression of type 'int' [-Wint-conversion] char *cwd = get_current_dir_name(); ^ ~~~~~~~~~~~~~~~~~~~~~~ 2 warnings generated. ... Undefined symbols for architecture x86_64: "_get_current_dir_name", referenced from: _image_headersz_v1 in kwbimage.o ld: symbol(s) not found for architecture x86_64 --->8--- Signed-off-by: Andreas Bießmann <andreas.devel@googlemail.com> Cc: Stefan Roese <sr@denx.de> Acked-by: Stefan Roese <sr@denx.de> [agust: fixed getcwd() return warning] Signed-off-by: Anatolij Gustschin <agust@denx.de>
2014-10-23tools: kwbimage: Add image version 1 support for Armada XP / 370Stefan Roese
This patch integrates the Barebox version of this kwbimage.c file into U-Boot. As this version supports the image version 1 type for the Armada XP / 370 SoCs. It was easier to integrate the existing and known to be working Barebox source than to update the current U-Boot version to support this v1 image header format. Now all Marvell MVEBU SoCs are supported: Image type 0: Kirkwood & Dove Image type 1: Armada 370 & Armada XP Please note that the current v1 support has this restuction (same as has Barebox version): Not implemented: support for the register headers and secure headers in v1 images Tested on Marvell DB-78460-BP eval board. Signed-off-by: Stefan Roese <sr@denx.de> Tested-by: Luka Perkov <luka@openwrt.org>
2013-12-13tools: moved code common to all image tools to a separated module.Guilherme Maciel Ferreira
In order to avoid duplicating code and keep only one point of modification, the functions, structs and defines useful for "dumpimage" were moved from "mkimage" to a common module called "imagetool". This modification also weakens the coupling between image types (FIT, IMX, MXS, and so on) and image tools (mkimage and dumpimage). Any tool may initialize the "imagetool" through register_image_tool() function, while the image types register themselves within an image tool using the register_image_type() function: +---------------+ +------| fit_image | +--------------+ +-----------+ | +---------------+ | mkimage |--------> | | <-----+ +--------------+ | | +---------------+ | imagetool | <------------| imximage | +--------------+ | | +---------------+ | dumpimage |--------> | | <-----+ +--------------+ +-----------+ | +---------------+ +------| default_image | +---------------+ register_image_tool() register_image_type() Also, the struct "mkimage_params" was renamed to "image_tool_params" to make clear its general purpose. Signed-off-by: Guilherme Maciel Ferreira <guilherme.maciel.ferreira@gmail.com> Signed-off-by: Simon Glass <sjg@chromium.org>
2013-08-16tools/Makefile: Move _GNU_SOURCE to MakefileYork Sun
Commit 669dfc2e adds libfdt_env.h to HOSTCPPFLAGS. It causes stdio.h to be included before _GNU_SOURCE is defined in C files. On some old hosts some prototypes are protected by #ifdef __USE_GNU, which is set when _GNU_SOURCE is defined. Signed-off-by: York Sun <yorksun@freescale.com> Acked-by: Simon Glass <sjg@chromium.org>
2013-07-24Add GPL-2.0+ SPDX-License-Identifier to source filesWolfgang Denk
Signed-off-by: Wolfgang Denk <wd@denx.de> [trini: Fixup common/cmd_io.c] Signed-off-by: Tom Rini <trini@ti.com>
2011-05-12kwbimage: Fix check variable of checksumNobuhiro Iwamatsu
calc_hdrcsum two times are checked. checksumi of exthdr is not checked. Signed-off-by: Nobuhiro Iwamatsu <nobuhiro.iwamatsu.yj@renesas.com> CC: Prafulla Wadaskar <prafulla@marvell.com>
2011-01-19Fix typo ("comand" instead of "command")Loïc Minier
Signed-off-by: Loc Minier <loic.minier@linaro.org>
2009-09-15kwbimage.c: Fix compile warning when building on 64 bit systems (again)Wolfgang Denk
Commit 51003b89 attempted to fix a build problem on 64 bit systems, but just turned it into a build problem on 32 bit systems (silly me). Now do the Right Thing (TM) and use a "%zu" printf format. Also fix spelling error. Signed-off-by: Wolfgang Denk <wd@denx.de>
2009-09-11kwbimage.c: Fix compile warning when building on 64 bit systemsWolfgang Denk
Fix this warning when building on 64 bit systems: tools/kwbimage.c: In function 'kwbimage_checksum32': tools/kwbimage.c:135: warning: format '%d' expects type 'int', but argument 4 has type 'long unsigned int' Signed-off-by: Wolfgang Denk <wd@denx.de> Cc: Prafulla Wadaskar <prafulla@marvell.com>
2009-09-10mkimage: Add Kirkwood Boot Image support (kwbimage)Prafulla Wadaskar
This patch adds support for "kwbimage" (Kirkwood Boot Image) image types to the mkimage code. For details refer to docs/README.kwbimage This patch is tested with Sheevaplug board Signed-off-by: Prafulla Wadaskar <prafulla@marvell.com> Acked-by: Ron Lee <ron@debian.org> Signed-off-by: Prafulla Wadaskar <prafulla@marvell.com>