u-boot.git/include/image.h, branch v2021.07 Unnamed repository; edit this file 'description' to name the repository. lmb: move CONFIG_LMB in Kconfig 2021-04-22T18:09:45+00:00 Patrick Delaunay patrick.delaunay@foss.st.com 2021-03-10T09:16:25+00:00 77b8cfef531f7758f35a8598bd474713cfc2c2ec Migrate CONFIG_LMB in Kconfig. Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com> 
Migrate CONFIG_LMB in Kconfig.

Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
mkimage: Add a 'keyfile' argument for image signing 2021-04-14T19:23:01+00:00 Alexandru Gagniuc mr.nuke.me@gmail.com 2021-02-19T18:45:17+00:00 36bfcb62b3e7b846d0b693828df54a0d58e07511 It's not always desirable to use 'keydir' and some ad-hoc heuristics to get the filename of the signing key. More often, just passing the filename is the simpler, easier, and logical thing to do. Since mkimage doesn't use long options, we're slowly running out of letters. I've chosen '-G' because it was available. Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org> 
It's not always desirable to use 'keydir' and some ad-hoc heuristics
to get the filename of the signing key. More often, just passing the
filename is the simpler, easier, and logical thing to do.

Since mkimage doesn't use long options, we're slowly running out of
letters. I've chosen '-G' because it was available.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
lib: Add support for ECDSA image signing 2021-04-14T19:06:08+00:00 Alexandru Gagniuc mr.nuke.me@gmail.com 2021-02-19T18:45:12+00:00 ed6c9e0b6668a05d62f5d1b75aecaf246ba51042 mkimage supports rsa2048, and rsa4096 signatures. With newer silicon now supporting hardware-accelerated ECDSA, it makes sense to expand signing support to elliptic curves. Implement host-side ECDSA signing and verification with libcrypto. Device-side implementation of signature verification is beyond the scope of this patch. Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org> 
mkimage supports rsa2048, and rsa4096 signatures. With newer silicon
now supporting hardware-accelerated ECDSA, it makes sense to expand
signing support to elliptic curves.

Implement host-side ECDSA signing and verification with libcrypto.
Device-side implementation of signature verification is beyond the
scope of this patch.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
lib: Rename rsa-checksum.c to hash-checksum.c 2021-04-14T19:06:08+00:00 Alexandru Gagniuc mr.nuke.me@gmail.com 2021-02-19T18:45:10+00:00 0bcb28dfb946b32ed7550fc4c24c5dcea6718554 rsa-checksum.c sontains the hash_calculate() implementations. Despite the "rsa-" file prefix, this function is useful for other algorithms. To prevent confusion, move this file to lib/, and rename it to hash-checksum.c, to give it a more "generic" feel. Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org> 
rsa-checksum.c sontains the hash_calculate() implementations. Despite
the "rsa-" file prefix, this function is useful for other algorithms.

To prevent confusion, move this file to lib/, and rename it to
hash-checksum.c, to give it a more "generic" feel.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Merge tag 'v2021.04-rc5' into next 2021-03-29T22:00:21+00:00 Tom Rini trini@konsulko.com 2021-03-29T21:53:19+00:00 1057b1be75386e3513dca392d8258e01e5cccc01 Prepare v2021.04-rc5 
Prepare v2021.04-rc5
sandbox: image: Allow sandbox to load any image 2021-03-27T02:04:31+00:00 Simon Glass sjg@chromium.org 2021-03-15T05:11:12+00:00 e2734d647e9c86f46083b29224fc7b41a46e1858 Sandbox is special in that it is used for testing and it does not match any particular target architecture. Allow it to load an image from any architecture, so that 'bootm' can be used as needed. Signed-off-by: Simon Glass <sjg@chromium.org> 
Sandbox is special in that it is used for testing and it does not match
any particular target architecture. Allow it to load an image from any
architecture, so that 'bootm' can be used as needed.

Signed-off-by: Simon Glass <sjg@chromium.org>
image: Avoid -ENODATA in host tools 2021-03-17T16:50:19+00:00 Simon Glass sjg@chromium.org 2021-02-24T13:50:32+00:00 29cbc4babf0a971986cccd73986908d1b8f07bda Unfortunately -ENODATA is not available in OpenBSD. Use -EBADMSG instead, to indicate a missing timestamp. Fixes: c5819701a3d image: Adjust the workings of fit_check_format() Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Mark Kettenis <kettenis@openbsd.org> 
Unfortunately -ENODATA is not available in OpenBSD. Use -EBADMSG
instead, to indicate a missing timestamp.

Fixes: c5819701a3d image: Adjust the workings of fit_check_format()
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Mark Kettenis <kettenis@openbsd.org>
image: Do not #if guard board_fit_image_post_process() prototype 2021-02-18T00:46:43+00:00 Alexandru Gagniuc mr.nuke.me@gmail.com 2021-01-20T16:46:54+00:00 9e304239785dce3100303bf3dc211cf544247da0 There's no point in guarding function prototypes with #ifdefs. If a function is not defined, the linker will notice. Having the prototype does not affect code size. What the #if guard takes away is the ability to use IS_ENABLED: if (CONFIG_IS ENABLED(FIT_IMAGE_POST_PROCESS)) board_fit_image_post_process(...) When the prototype is guarded, the above form cannot be used. This leads to the proliferation of #ifdefs, and unreadable code. The opportunity cost of the #if guard outweighs any benefits. Remove it. Since the original version of this patch, an empty definition was added by commit f14e6eec6c7f ("image: cleanup pre-processor usage"). The empty definition can cause silent failures, when an implementation of board_fit_image_post_process() is expected because the linker will not catch the missing function. Thus this patch removes this empty inline declaration. Fixes: f14e6eec6c7f ("image: cleanup pre-processor usage") Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org> 
There's no point in guarding function prototypes with #ifdefs. If a
function is not defined, the linker will notice. Having the prototype
does not affect code size.

What the #if guard takes away is the ability to use IS_ENABLED:

	if (CONFIG_IS ENABLED(FIT_IMAGE_POST_PROCESS))
		board_fit_image_post_process(...)

When the prototype is guarded, the above form cannot be used. This
leads to the proliferation of #ifdefs, and unreadable code. The
opportunity cost of the #if guard outweighs any benefits. Remove it.

Since the original version of this patch, an empty definition was
added by commit f14e6eec6c7f ("image: cleanup pre-processor usage").
The empty definition can cause silent failures, when an implementation
of board_fit_image_post_process() is expected because the linker will
not catch the missing function. Thus this patch removes this empty
inline declaration.

Fixes: f14e6eec6c7f ("image: cleanup pre-processor usage")
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
image: Adjust the workings of fit_check_format() 2021-02-16T03:31:52+00:00 Simon Glass sjg@chromium.org 2021-02-16T00:08:09+00:00 c5819701a3de61e2ba2ef7ad0b616565b32305e5 At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com> 
At present this function does not accept a size for the FIT. This means
that it must be read from the FIT itself, introducing potential security
risk. Update the function to include a size parameter, which can be
invalid, in which case fit_check_format() calculates it.

For now no callers pass the size, but this can be updated later.

Also adjust the return value to an error code so that all the different
types of problems can be distinguished by the user.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Bruce Monroe <bruce.monroe@intel.com>
Reported-by: Arie Haenel <arie.haenel@intel.com>
Reported-by: Julien Lenoir <julien.lenoir@intel.com>
tools: mkimage: Add Allwinner eGON support 2021-01-11T23:19:33+00:00 Andre Przywara andre.przywara@arm.com 2018-12-20T01:15:18+00:00 6d295099cc96ed39cd2229dad376ab00baba9a5d So far we used the separate mksunxiboot tool for generating a bootable image for Allwinner SPLs, probably just for historical reasons. Use the mkimage framework to generate a so called eGON image the Allwinner BROM expects. The new image type is called "sunxi_egon", to differentiate it from the (still to be implemented) secure boot TOC0 image. Signed-off-by: Andre Przywara <andre.przywara@arm.com> Reviewed-by: Jernej Skrabec <jernej.skrabec@siol.net> Reviewed-by: Samuel Holland <samuel@sholland.org> Reviewed-by: Simon Glass <sjg@chromium.org> 
So far we used the separate mksunxiboot tool for generating a bootable
image for Allwinner SPLs, probably just for historical reasons.

Use the mkimage framework to generate a so called eGON image the
Allwinner BROM expects.
The new image type is called "sunxi_egon", to differentiate it
from the (still to be implemented) secure boot TOC0 image.

Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: Jernej Skrabec <jernej.skrabec@siol.net>
Reviewed-by: Samuel Holland <samuel@sholland.org>
Reviewed-by: Simon Glass <sjg@chromium.org>