Age | Commit message (Collapse) | Author |
|
EVP_VerifyFinal would return one of three values:
1 if the data is verified to be correct;
0 if it is incorrect;
-1 if there is any failure in the verification process.
The varification in unpatched version is wrong, since it ignored
the return value of -1.
The bug allows a malformed signature to be treated as a good
signature rather than as an error. This issue affects the
signature checks on DSA ans ECDSA keys used with SSL/TLS.
This issue is similar to CVE-2008-5077, CVE-2009-0021,
CVE-2009-0025, CVE-2009-0046 ~ CVE-2009-0049.
Signed-off-by: Young Xiao <92siuyang@gmail.com>
Signed-off-by: Stefan Roese <sr@denx.de>
|
|
For the time being the Armada MSYS SoCs need to use the bin_hdr from the
Marvell U-Boot. Because of this the binary.0 does not contain the image
header that a proper u-boot SPL would so the adjustment introduced by
commit 94084eea3bd3 ("tools: kwbimage: Fix dest addr") does not apply.
Signed-off-by: Chris Packham <judge.packham@gmail.com>
Reviewed-by: Stefan Roese <sr@denx.de>
Signed-off-by: Stefan Roese <sr@denx.de>
|
|
When U-Boot started using SPDX tags we were among the early adopters and
there weren't a lot of other examples to borrow from. So we picked the
area of the file that usually had a full license text and replaced it
with an appropriate SPDX-License-Identifier: entry. Since then, the
Linux Kernel has adopted SPDX tags and they place it as the very first
line in a file (except where shebangs are used, then it's second line)
and with slightly different comment styles than us.
In part due to community overlap, in part due to better tag visibility
and in part for other minor reasons, switch over to that style.
This commit changes all instances where we have a single declared
license in the tag as both the before and after are identical in tag
contents. There's also a few places where I found we did not have a tag
and have introduced one.
Signed-off-by: Tom Rini <trini@konsulko.com>
|
|
The kwbimage format is reading beyond its header structure if it
misdetects a Xilinx Zynq image and tries to read it. Fix it by
sanity checking that the header we want to read fits inside our
file size.
Signed-off-by: Alexander Graf <agraf@suse.de>
Tested-by: Michal Simek <michal.simek@xilinx.com>
Reviewed-by: Stefan Roese <sr@denx.de>
Signed-off-by: Stefan Roese <sr@denx.de>
|
|
Fix build after addition of RSA_get0_key() to LibreSSL.
Patch from Theo Buehler and Stuart Henderson.
Signed-off-by: Theo Buehler <tb@openbsd.org>
Signed-off-by: Stuart Henderson <sthen@openbsd.org>
|
|
The verify_header callback in kwbimage.c only verifies v0 headers checksum.
Running 'mkimage -l' on a v1 image gives the following misleading output:
GP Header: Size ae000000 LoadAddr 34160600
Implement support for v1 headers. For that, factor out the header checksum code
to a separate main_hdr_checksum_ok() routine. This routine relies on the fact
that the checksum field offset is the same in both v0 and v1 headers. With this
patch applied 'mkimage -l' correctly identifies the image:
Image Type: MVEBU Boot from sdio Image
Image version:1
Data Size: 398904 Bytes = 389.55 KiB = 0.38 MiB
Load Address: 007fffc0
Entry Point: 00800000
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Stefan Roese <sr@denx.de>
|
|
The kwbimage utility fails to compile when LibreSSL is present on
the host system instead of OpenSSL. This one-line patch resolves
this.
Signed-off-by: Marek Behun <marek.behun@nic.cz>
|
|
image_version_file()'s only use is to return the version number of the
specified image, and it's only called by kwbimage_generate(). This
version function mallocs "image_cfg" and reads the contents of the image
into that buffer. Before return to its caller it frees the buffer.
After extracting the version, kwb_image_generate() tries to calculate
the header size by calling image_headersz_v1(). This function now
accesses "image_cfg", which has already been freed.
Since image_version_file() is only used by a single function, inline it
into kwbimage_generate() and only free the buffer after it is no longer
needed. This also improves code readability since the code is mostly
equal to kwbimage_set_header().
Signed-off-by: Patrick Wildt <patrick@blueri.se>
Signed-off-by: Stefan Roese <sr@denx.de>
|
|
The rsa_st struct has been made opaque in 1.1.x, add forward compatible
code to access the n, e, d members of rsa_struct.
EVP_MD_CTX_cleanup has been removed in 1.1.x and EVP_MD_CTX_reset should be
called to reinitialise an already created structure.
Signed-off-by: Jelle van der Waa <jelle@vdwaa.nl>
|
|
The return value of fstat was not checked in kwbimage, and in the case
of an error, the already open file was not closed. Fix both errors.
Reported-by: Coverity (CID: 155971)
Reported-by: Coverity (CID: 155969)
Signed-off-by: Mario Six <mario.six@gdsys.cc>
Signed-off-by: Stefan Roese <sr@denx.de>
|
|
The patch implements secure booting for the mvebu architecture.
This includes:
- The addition of secure headers and all needed signatures and keys in
mkimage
- Commands capable of writing the board's efuses to both write the
needed cryptographic data and enable the secure booting mechanism
- The creation of convenience text files containing the necessary
commands to write the efuses
The KAK and CSK keys are expected to reside in the files kwb_kak.key and
kwb_csk.key (OpenSSL 2048 bit private keys) in the top-level directory.
Signed-off-by: Reinhard Pfau <reinhard.pfau@gdsys.cc>
Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Stefan Roese <sr@denx.de>
|
|
The function image_create_config_parse_oneline is pretty complex, and
since more parameters will be added to support secure booting, we
refactor the function to make it more readable.
Also, when a line contained just a keyword without any parameters,
strtok_r returned NULL, which was then indiscriminately fed into atoi,
causing a segfault. To correct this, we add a NULL check before feeding
the extracted token to atoi, and print an error message in case the
token is NULL.
Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
Signed-off-by: Stefan Roese <sr@denx.de>
|
|
In preparation of adding the creation of secure headers, we factor the
add_binary_header_v1 function out of the image_create_v1 function.
Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
Signed-off-by: Stefan Roese <sr@denx.de>
|
|
The parameter 'params' of the image_headersz_v1 function is never used
by the function.
Hence, remove it.
Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
Signed-off-by: Stefan Roese <sr@denx.de>
|
|
This patch reduces the scope of some variables.
Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
Signed-off-by: Stefan Roese <sr@denx.de>
|
|
Arithmetic with void pointers, e.g. a - b where both a and b are void
pointers, is undefined in the C standard. Since we are operating with
byte data here, we switch the void pointers to uint8_t pointers, and add
the necessary casts.
Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
Signed-off-by: Stefan Roese <sr@denx.de>
|
|
Fix some style violations:
- nine instances of missing blank lines after declarations
- one overly long line
- one split string (which also rewords an error message more concisely)
- two superfluous else
Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
Signed-off-by: Stefan Roese <sr@denx.de>
|
|
To enable secure boot, we need to jump back into the BootROM to continue
the SoC's boot process instead of letting the SPL load and run the main
U-Boot image.
But, since the u-boot-spl.img (including the 64 byte header) is loaded
by the SoC as the main image, we need to compensate for the header
length to get a correct entry point.
Thus, we subtract the header size from the destination address, so that
the execution address points at the actual entry point of the image.
The current boards ignore both parameters anyway, so this change shouldn't
concern them.
Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
Signed-off-by: Stefan Roese <sr@denx.de>
|
|
Offset 0x1 in the generated kwb image file is a set of flags, bit 0
enables debug output from the BootROM firmware. Allow a DEBUG option in
the kwb configuration to request debug output from the BootROM firmware.
Signed-off-by: Chris Packham <judge.packham@gmail.com>
Signed-off-by: Stefan Roese <sr@denx.de>
|
|
Offset 0x18 in some Marvell datasheets this field is redacted as
"reserved". This offset is actually a set of options and bits 2:0 allow
the selection of the UART baudrate.
Allow a BAUDRATE option to set the UART baudrate for any messages coming
from the BootROM firmware.
Signed-off-by: Chris Packham <judge.packham@gmail.com>
Signed-off-by: Stefan Roese <sr@denx.de>
|
|
Fix computation of haeder size and binary header size.
Size of opt header and some 32bit values were not taken into account. This could
result in invalid boot images (due to the wrong binary header size, the image could
claim to have another extension header after the binary extension although there
is none).
Use "uint32_t" instead of "unsigned int" for header size computation.
Signed-off-by: Reinhard Pfau <reinhard.pfau@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
Cc: Luka Perkov <luka.perkov@sartura.hr>
|
|
KWB image header values are in little endian (LE).
So adding appropriate cpu_to_leXX() calls to allow building those images
on BE hosts, too.
Signed-off-by: Reinhard Pfau <reinhard.pfau@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
|
|
With the dtb added to the main U-Boot image, it can happen, that
the resulting image is not 4-byte aligned. As the dtb tends to
be unaligned. But the image needs to be 4-byte aligned. At least the
Marvell hdrparser tool complains if its unaligned. By returning 1 here
in kwbimage_generate(), called via tparams->vrec_header() in mkimage.c,
mkimage will automatically pad the resulting image to a 4-byte size
if necessary.
Signed-off-by: Stefan Roese <sr@denx.de>
Cc: Luka Perkov <luka.perkov@sartura.hr>
Cc: Dirk Eibach <eibach@gdsys.de>
|
|
The binary header ends with one lword, defining if another header
follows this one. This additions 4 bytes need to be taken into
account in the generation of the header size. And the complete
4 bytes at the end of this binary header need to get cleared.
Signed-off-by: Stefan Roese <sr@denx.de>
Cc: Luka Perkov <luka.perkov@sartura.hr>
Cc: Kevin Smith <kevin.smith@elecsyscorp.com>
|
|
The MVEBU BootROM does not allow non word aligned payloads.
Signed-off-by: Stefan Roese <sr@denx.de>
Cc: Luka Perkov <luka.perkov@sartura.hr>
|
|
Currently, kwboot only allows dynamic UART boot mode patching for SoCs
with header version 0 (Orion, Kirkwood). This patch now enables this "-p"
feature also for SoCs with header version 1 (Armada XP / 38x etc). With
this its possible now to use the UART boot mode without on images that
are generated for other boot devices, like SPI. So no need to change
BOOT_FROM to "uart" for UART xmodem booting any more.
Signed-off-by: Stefan Roese <sr@denx.de>
Tested-by: Kevin Smith <kevin.smith@elecsyscorp.com>
Cc: Luka Perkov <luka.perkov@sartura.hr>
Cc: Dirk Eibach <eibach@gdsys.de>
|
|
To use this offset for other boot device (like SDIO/MMC), lets rename
it to a more generic name. This will be used be the SDIO/MMC SPL boot
support for the A38x.
Signed-off-by: Stefan Roese <sr@denx.de>
Cc: Luka Perkov <luka.perkov@sartura.hr>
Cc: Dirk Eibach <eibach@gdsys.de>
|
|
This patch adds support to select the "sdio" as boot device in the
kwbimage.cfg file. This line selects this SDIO device:
BOOT_FROM sdio
Tested on Marvell DB-88F6820-GP board.
Signed-off-by: Stefan Roese <sr@denx.de>
Cc: Luka Perkov <luka.perkov@sartura.hr>
Cc: Dirk Eibach <eibach@gdsys.de>
|
|
If defined, the macro CONFIG_SYS_SPI_U_BOOT_OFFS allows a board
to specify the offset of the payload image into the kwb image
file. This value was being used to locate the image, but was not
used in the "header size" field of the main header. Move the
use of this macro into the function that returns the header size
so that the same value is used in all places.
Signed-off-by: Kevin Smith <kevin.smith@elecsyscorp.com>
Tested-by: Stefan Roese <sr@denx.de>
|
|
According to the Armada-XP documentation the binary header format
requires the header length to be aligned to 4B.
Signed-off-by: Chris Packham <judge.packham@gmail.com>
Acked-by: Stefan Roese <sr@denx.de>
Acked-by: Prafulla Wadaskar <prafulla@marvell.com>
|
|
We can't use config.h directly as some platforms include headers that
aren't safe to use in normal Linux userland.
Signed-off-by: Tom Rini <trini@ti.com>
|
|
This is used on the AXP boards, to pad u-boot.img to the desired offset in
SPI flash (only this boot target supported right now). This offset is
used by the SPL then to load u-boot.img into SDRAM and execute it there.
Signed-off-by: Stefan Roese <sr@denx.de>
Reviewed-by: Luka Perkov <luka.perkov@sartura.hr>
|
|
The registration was introduced in commit f86ed6a8d52c99bb2d17d3cac1647edca0c4399c
This commit also removes all registration functions, and the member "next"
from image_type_params struct
Signed-off-by: Guilherme Maciel Ferreira <guilherme.maciel.ferreira@gmail.com>
|
|
The two error checks for image_boot_mode_id and image_nand_ecc_mode_id where
wrong and would never fail, fix that!
This was detected by Apple's clang compiler:
---8<---
HOSTCC tools/kwbimage.o
tools/kwbimage.c:553:20: warning: comparison of unsigned expression < 0 is always false [-Wtautological-compare]
if (el->bootfrom < 0) {
~~~~~~~~~~~~ ^ ~
tools/kwbimage.c:571:23: warning: comparison of unsigned expression < 0 is always false [-Wtautological-compare]
if (el->nandeccmode < 0) {
~~~~~~~~~~~~~~~ ^ ~
2 warnings generated.
--->8---
Signed-off-by: Andreas Bießmann <andreas.devel@googlemail.com>
Acked-By: Jeroen Hofstee <jeroen@myspectrum.nl>
|
|
When building with my toolchain (4.8.2):
CROSS_COMPILE=/home/lukma/work/ptxdist/toolchains/arm/OSELAS.Toolchain-2013.12.0/arm-v7a-linux-gnueabi/gcc-4.8.2-glibc-2.18-binutils-2.24-kernel-3.12-sanitized/bin/arm-v7a-linux-gnueabi-
I see following WARNING:
tools/kwbimage.c: In function "kwbimage_set_header":
tools/kwbimage.c:803:8: warning: "headersz" may be used uninitialized in this function [-Wmaybe-uninitialized]
memcpy(ptr, image, headersz);
^
This fix aims to suppress it.
Signed-off-by: Lukasz Majewski <l.majewski@samsung.com>
Acked-by: Stefan Roese <sr@denx.de>
Acked-by: Heiko Schocher <hs@denx.de>
|
|
This patch fix the kwimage tools for version 0 fileformat used for kirkwood
Tested on sheevaplug
Signed-off-by: Gerald Kerma <drEagle@doukki.net>
Tested-by: Stefan Roese <sr@denx.de>
Reviewed-by: Stefan Roese <sr@denx.de>
Acked-By: Prafulla Wadaskar <prafulla@marvell.com>
|
|
This patch fixes a compilation warning of kwbimage.c:
tools/kwbimage.c: In function ‘kwbimage_set_header’:
tools/kwbimage.c:784:8: warning: ‘headersz’ may be used uninitialized in this function [-Wmaybe-uninitialized]
memcpy(ptr, image, headersz);
^
Instead of using multiple if statements, use a switch statement with
a default entry. And return with error if an unsupported version
is configured in the cfg file.
Signed-off-by: Stefan Roese <sr@denx.de>
Acked-By: Wolfgang Denk <wd@denx.de>
|
|
kwbimage uses get_current_dir_name(3) which is a gnu extension and not
available on darwin host. Fix this by converting to portable getcwd(3)
function.
This patch fixes the following error:
---8<---
HOSTCC tools/kwbimage.o
tools/kwbimage.c:399:16: warning: implicit declaration of function 'get_current_dir_name' is invalid in C99 [-Wimplicit-function-declaration]
char *cwd = get_current_dir_name();
^
tools/kwbimage.c:399:10: warning: incompatible integer to pointer conversion initializing 'char *' with an expression of type 'int' [-Wint-conversion]
char *cwd = get_current_dir_name();
^ ~~~~~~~~~~~~~~~~~~~~~~
2 warnings generated.
...
Undefined symbols for architecture x86_64:
"_get_current_dir_name", referenced from:
_image_headersz_v1 in kwbimage.o
ld: symbol(s) not found for architecture x86_64
--->8---
Signed-off-by: Andreas Bießmann <andreas.devel@googlemail.com>
Cc: Stefan Roese <sr@denx.de>
Acked-by: Stefan Roese <sr@denx.de>
[agust: fixed getcwd() return warning]
Signed-off-by: Anatolij Gustschin <agust@denx.de>
|
|
This patch integrates the Barebox version of this kwbimage.c file into
U-Boot. As this version supports the image version 1 type for the
Armada XP / 370 SoCs.
It was easier to integrate the existing and known to be working Barebox
source than to update the current U-Boot version to support this
v1 image header format. Now all Marvell MVEBU SoCs are supported:
Image type 0: Kirkwood & Dove
Image type 1: Armada 370 & Armada XP
Please note that the current v1 support has this restuction (same as
has Barebox version):
Not implemented: support for the register headers and secure headers
in v1 images
Tested on Marvell DB-78460-BP eval board.
Signed-off-by: Stefan Roese <sr@denx.de>
Tested-by: Luka Perkov <luka@openwrt.org>
|
|
In order to avoid duplicating code and keep only one point of modification,
the functions, structs and defines useful for "dumpimage" were moved from
"mkimage" to a common module called "imagetool".
This modification also weakens the coupling between image types (FIT, IMX, MXS,
and so on) and image tools (mkimage and dumpimage). Any tool may initialize the
"imagetool" through register_image_tool() function, while the image types
register themselves within an image tool using the register_image_type()
function:
+---------------+
+------| fit_image |
+--------------+ +-----------+ | +---------------+
| mkimage |--------> | | <-----+
+--------------+ | | +---------------+
| imagetool | <------------| imximage |
+--------------+ | | +---------------+
| dumpimage |--------> | | <-----+
+--------------+ +-----------+ | +---------------+
+------| default_image |
+---------------+
register_image_tool() register_image_type()
Also, the struct "mkimage_params" was renamed to "image_tool_params" to make
clear its general purpose.
Signed-off-by: Guilherme Maciel Ferreira <guilherme.maciel.ferreira@gmail.com>
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
Commit 669dfc2e adds libfdt_env.h to HOSTCPPFLAGS. It causes stdio.h
to be included before _GNU_SOURCE is defined in C files. On some old hosts
some prototypes are protected by #ifdef __USE_GNU, which is set when
_GNU_SOURCE is defined.
Signed-off-by: York Sun <yorksun@freescale.com>
Acked-by: Simon Glass <sjg@chromium.org>
|
|
Signed-off-by: Wolfgang Denk <wd@denx.de>
[trini: Fixup common/cmd_io.c]
Signed-off-by: Tom Rini <trini@ti.com>
|
|
calc_hdrcsum two times are checked. checksumi of exthdr is not checked.
Signed-off-by: Nobuhiro Iwamatsu <nobuhiro.iwamatsu.yj@renesas.com>
CC: Prafulla Wadaskar <prafulla@marvell.com>
|
|
Signed-off-by: Loc Minier <loic.minier@linaro.org>
|
|
Commit 51003b89 attempted to fix a build problem on 64 bit systems,
but just turned it into a build problem on 32 bit systems (silly me).
Now do the Right Thing (TM) and use a "%zu" printf format.
Also fix spelling error.
Signed-off-by: Wolfgang Denk <wd@denx.de>
|
|
Fix this warning when building on 64 bit systems:
tools/kwbimage.c: In function 'kwbimage_checksum32':
tools/kwbimage.c:135: warning: format '%d' expects type 'int',
but argument 4 has type 'long unsigned int'
Signed-off-by: Wolfgang Denk <wd@denx.de>
Cc: Prafulla Wadaskar <prafulla@marvell.com>
|
|
This patch adds support for "kwbimage" (Kirkwood Boot Image)
image types to the mkimage code.
For details refer to docs/README.kwbimage
This patch is tested with Sheevaplug board
Signed-off-by: Prafulla Wadaskar <prafulla@marvell.com>
Acked-by: Ron Lee <ron@debian.org>
Signed-off-by: Prafulla Wadaskar <prafulla@marvell.com>
|