1. 15 Oct, 2013 1 commit
  2. 14 Oct, 2013 3 commits
  3. 10 Oct, 2013 1 commit
  4. 01 Oct, 2013 2 commits
  5. 27 Sep, 2013 1 commit
  6. 20 Sep, 2013 3 commits
  7. 12 Sep, 2013 1 commit
  8. 10 Sep, 2013 1 commit
  9. 06 Sep, 2013 2 commits
  10. 31 Aug, 2013 9 commits
    • Marek Vasut's avatar
      tools: mxsboot: Staticize functions · 62d40d14
      Marek Vasut authored
      Make remaining non-static functions static and the same for vars.
      Signed-off-by: default avatarMarek Vasut <marex@denx.de>
      Cc: Fabio Estevam <fabio.estevam@freescale.com>
      Cc: Stefano Babic <sbabic@denx.de>
      62d40d14
    • Marek Vasut's avatar
      tools: Sort lists of files in Makefile · a5f746f3
      Marek Vasut authored
      Fix the lists of files so they are in order again.
      Signed-off-by: default avatarMarek Vasut <marex@denx.de>
      Cc: Tom Rini <trini@ti.com>
      Cc: Stefano Babic <sbabic@denx.de>
      a5f746f3
    • Marek Vasut's avatar
      ARM: mxs: tools: Add mkimage support for MXS bootstream · bce88370
      Marek Vasut authored
      Add mkimage support for generating and verifying MXS bootstream.
      The implementation here is mostly a glue code between MXSSB v0.4
      and mkimage, but the long-term goal is to rectify this and merge
      MXSSB with mkimage more tightly. Once this code is properly in
      U-Boot, MXSSB shall be deprecated in favor of mkimage-mxsimage
      support.
      
      Note that the mxsimage generator needs libcrypto from OpenSSL, I
      therefore enabled the libcrypto/libssl unconditionally.
      
      MXSSB: http://git.denx.de/?p=mxssb.git;a=summary
      
      The code is based on research presented at:
      http://www.rockbox.org/wiki/SbFileFormatSigned-off-by: default avatarMarek Vasut <marex@denx.de>
      Cc: Tom Rini <trini@ti.com>
      Cc: Fabio Estevam <fabio.estevam@freescale.com>
      Cc: Stefano Babic <sbabic@denx.de>
      Cc: Otavio Salvador <otavio@ossystems.com.br>
      bce88370
    • Stefano Babic's avatar
      tools: add support for setting the CSF into imximage · 0187c985
      Stefano Babic authored
      Add support for setting the CSF (Command Sequence File) pointer
      which is used for HAB (High Assurance Boot) in the imximage by
      adding e.g.
      
      CSF 0x2000
      
      in the imximage.cfg file.
      
      This will set the CSF pointer accordingly just after the padded
      data image area. The boot_data.length is adjusted with the
      value from the imximage.cfg config file.
      
      The resulting u-boot.imx can be signed with the FSL HAB tooling.
      The generated CSF block needs to be appended to the u-boot.imx.
      Signed-off-by: default avatarStefano Babic <sbabic@denx.de>
      0187c985
    • Stefano Babic's avatar
      tools: add padding of data image file for imximage · 01390aff
      Stefano Babic authored
      Implement function vrec_header to be able to pad the final
      data image file according the what has been calculated for
      boot_data.length.
      Signed-off-by: default avatarStefano Babic <sbabic@denx.de>
      01390aff
    • Stefano Babic's avatar
      tools: add variable padding of data image in mkimage · 9bac0bb3
      Stefano Babic authored
      Use previously unused return value of function vrec_header
      to return a padding size to generic mkimage. This padding
      size is used in copy_files to pad with zeros after copying
      the data image.
      Signed-off-by: default avatarStefano Babic <sbabic@denx.de>
      9bac0bb3
    • Stefano Babic's avatar
      tools: dynamically allocate imx_header in imximage · 377e367a
      Stefano Babic authored
      Change to dynamically allocate the imx_header to correctly
      allocate the IVT, Boot Data and DCD at correct locations
      depending on the boot media.
      
      Also check that the Image Vector Table Offset + IVT +
      Boot Data + DCD <= Initial Load Region Size.
      
      Previously struct imx_header was always 4096 bytes and was
      not dealing correctly with the Image Vector Table Offset.
      
      Now, the memory allocation looks for e.g. SD boot like this
      
       Storage   u-boot.imx                             RAM
       Device
      
       00000000                                         177ff000 <--------------
                                                                               |
       00000400  00000000  d1 00 20 40 IVT.header       177ff400 <-------      |
       00000404  00000004  00 00 80 17 IVT.entry        177ff404 -----------   |
       00000408  00000008  00 00 00 00 IVT.reserved1    177ff408        |  |   |
       0000040C  0000000C  2c f4 7f 17 IVT.dcd          177ff40C ------ |  |   |
       00000410  00000010  20 f4 7f 17 IVT.boot         177ff410 ---- | |  |   |
       00000414  00000014  00 f4 7f 17 IVT.self         177ff414 --------  |   |
       00000418  00000018  00 00 00 00 IVT.csf          177ff418    | |    |   |
       0000041C  0000001C  00 00 00 00 IVT.reserved2    177ff41C    | |    |   |
       00000420  00000020  00 f0 7f 17 BootData.start   177ff420 <--- |    | ---
       00000424  00000024  00 60 03 00 BootData.length  177ff424      |    |
       00000428  00000028  00 00 00 00 BootData.plugin  177ff428      |    |
       0000042C  0000002C  d2 03 30 40 DCD.header       177ff42C <-----    |
       ...                                                                 |
       00001000  00000c00  13 00 00 ea U-Boot Start     17800000 <----------
      
      While at it also remove the unused #define HEADER_OFFSET.
      Signed-off-by: default avatarStefano Babic <sbabic@denx.de>
      377e367a
    • Stefano Babic's avatar
      tools: rename mximage_flash_offset to imximage_ivt_offset · 3150f92c
      Stefano Babic authored
      This better reflects the naming from the Reference Manual
      as well as fits better since "flash" is not really applicabe
      for SATA.
      Signed-off-by: default avatarStefano Babic <sbabic@denx.de>
      3150f92c
    • Stefano Babic's avatar
      tools: imx_header should not include flash_offset · 4655d40f
      Stefano Babic authored
      Doing a  make distclean; make mx6qsabresd_config; make
      and      hexdump -C u-boot.imx | less
      
       ...
       00000360  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
       *
       000003f0  00 00 00 00 00 00 00 00  00 00 00 00 00 04 00 00  |................|
                                                      ^^^^^^^^^^^
       00000400  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
       *
       00001000  13 00 00 ea 14 f0 9f e5  14 f0 9f e5 14 f0 9f e5  |...ê.ð.å.ð.å.ð.å|
       ...
      
      shows the flash_offset value being written into the final
      generated image, wich is not correct.
      
      Instead create flash_offset as static variable such that the
      generated image is "clean".
      
       00000360  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
       *
       00001000  13 00 00 ea 14 f0 9f e5  14 f0 9f e5 14 f0 9f e5  |...ê.ð.å.ð.å.ð.å|
      Signed-off-by: default avatarStefano Babic <sbabic@denx.de>
      4655d40f
  11. 28 Aug, 2013 1 commit
  12. 27 Aug, 2013 1 commit
  13. 16 Aug, 2013 1 commit
  14. 10 Aug, 2013 1 commit
  15. 02 Aug, 2013 1 commit
  16. 24 Jul, 2013 2 commits
  17. 15 Jul, 2013 1 commit
  18. 03 Jul, 2013 1 commit
  19. 28 Jun, 2013 1 commit
    • Simon Glass's avatar
      mkimage: Build signing only if board has CONFIG_FIT_SIGNATURE · 29ce737d
      Simon Glass authored
      At present mkimage is set up to always build with image signing support.
      This means that the SSL libraries (e.g. libssl-dev) are always required.
      
      Adjust things so that mkimage can be built with and without image signing,
      controlled by the presence of CONFIG_FIT_SIGNATURE in the board config file.
      
      If CONFIG_FIT_SIGNATURE is not enabled, then mkimage will report a warning
      that signing is not supported. If the option is enabled, but libraries are
      not available, then a build error similar to this will be shown:
      
      lib/rsa/rsa-sign.c:26:25: fatal error: openssl/rsa.h: No such file or directory
      Signed-off-by: default avatarSimon Glass <sjg@chromium.org>
      29ce737d
  20. 26 Jun, 2013 6 commits
    • Simon Glass's avatar
      image: Add support for signing of FIT configurations · 4d098529
      Simon Glass authored
      While signing images is useful, it does not provide complete protection
      against several types of attack. For example, it it possible to create a
      FIT with the same signed images, but with the configuration changed such
      that a different one is selected (mix and match attack). It is also possible
      to substitute a signed image from an older FIT version into a newer FIT
      (roll-back attack).
      
      Add support for signing of FIT configurations using the libfdt's region
      support.
      
      Please see doc/uImage.FIT/signature.txt for more information.
      Signed-off-by: default avatarSimon Glass <sjg@chromium.org>
      4d098529
    • Simon Glass's avatar
      mkimage: Add -r option to specify keys that must be verified · 399c744b
      Simon Glass authored
      Normally, multiple public keys can be provided and U-Boot is not
      required to use all of them for verification. This is because some
      images may not be signed, or may be optionally signed.
      
      But we still need a mechanism to determine when a key must be used.
      This feature cannot be implemented in the FIT itself, since anyone
      could change it to mark a key as optional. The requirement for
      key verification must go in with the public keys, in a place that
      is protected from modification.
      
      Add a -r option which tells mkimage to mark all keys that it uses
      for signing as 'required'.
      
      If some keys are optional and some are required, run mkimage several
      times (perhaps with different key directories if some keys are very
      secret) using the -F flag to update an existing FIT.
      Signed-off-by: default avatarSimon Glass <sjg@chromium.org>
      Reviewed-by: default avatarMarek Vasut <marex@denx.de>
      399c744b
    • Simon Glass's avatar
      mkimage: Add -c option to specify a comment for key signing · 4f610427
      Simon Glass authored
      When signing an image, it is useful to add some details about which tool
      or person is authorising the signing. Add a comment field which can take
      care of miscellaneous requirements.
      Signed-off-by: default avatarSimon Glass <sjg@chromium.org>
      Reviewed-by: default avatarMarek Vasut <marex@denx.de>
      4f610427
    • Simon Glass's avatar
      mkimage: Add -F option to modify an existing .fit file · 95d77b44
      Simon Glass authored
      When signing images it is sometimes necessary to sign with different keys
      at different times, or make the signer entirely separate from the FIT
      creation to avoid needing the private keys to be publicly available in
      the system.
      
      Add a -F option so that key signing can be a separate step, and possibly
      done multiple times as different keys are avaiable.
      Signed-off-by: default avatarSimon Glass <sjg@chromium.org>
      Reviewed-by: default avatarMarek Vasut <marex@denx.de>
      95d77b44
    • Simon Glass's avatar
      mkimage: Add -K to write public keys to an FDT blob · e29495d3
      Simon Glass authored
      FIT image verification requires public keys. Add a convenient option to
      mkimage to write the public keys to an FDT blob when it uses then for
      signing an image. This allows us to use:
      
         mkimage -f test.its -K dest.dtb -k keys test.fit
      
      and have the signatures written to test.fit and the corresponding public
      keys written to dest.dtb. Then dest.dtb can be used as the control FDT
      for U-Boot (CONFIG_OF_CONTROL), thus providing U-Boot with access to the
      public keys it needs.
      Signed-off-by: default avatarSimon Glass <sjg@chromium.org>
      Reviewed-by: default avatarMarek Vasut <marex@denx.de>
      e29495d3
    • Simon Glass's avatar
      mkimage: Add -k option to specify key directory · 80e4df8a
      Simon Glass authored
      Keys required for signing images will be in a specific directory. Add a
      -k option to specify that directory.
      
      Also update the mkimage man page with this information and a clearer list
      of available commands.
      Signed-off-by: default avatarSimon Glass <sjg@chromium.org>
      Reviewed-by: Marek Vasut <marex@denx.de> (v1)
      80e4df8a