u-boot.git/tools/fit_common.c, branch master Unnamed repository; edit this file 'description' to name the repository. tools: copyfile: use 64k instead of 512 buffer 2024-04-17T23:06:01+00:00 Ahelenia Ziemiańska nabijaczleweli@nabijaczleweli.xyz 2024-04-09T12:14:34+00:00 7c665e151246cf8b5072ca4f1916f8ed0fa8565c This is a trivial but significant optimization: mkimage took >200ms (and 49489 writes (of which 49456 512)), now it takes 110ms (and 419 writes (of which 386 64k)). sendfile is much more appropriate for this and is done in one syscall, but doesn't bring any significant speedups over 64k r/w at the 13M size ranges, so there's no need to introduce #if __linux__ while((size = sendfile(fd_dst, fd_src, NULL, 128 * 1024 * 1024)) > 0) ; if(size != -1) { ret = 0; goto out; } #endif Also extract the buffer size to a macro. Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz> Reviewed-by: Dragan Simic <dsimic@manjaro.org> 
This is a trivial but significant optimization:
mkimage took >200ms (and 49489 writes (of which 49456 512)),
now it takes  110ms (and   419 writes (of which   386 64k)).

sendfile is much more appropriate for this and is done in one syscall,
but doesn't bring any significant speedups over 64k r/w
at the 13M size ranges, so there's no need to introduce
	#if __linux__
	while((size = sendfile(fd_dst, fd_src, NULL, 128 * 1024 * 1024)) > 0)
		;
	if(size != -1) {
		ret = 0;
		goto out;
	}
	#endif

Also extract the buffer size to a macro.

Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz>
Reviewed-by: Dragan Simic <dsimic@manjaro.org>
tools: imagetool: Extend print_header() by params argument 2023-04-13T09:34:47+00:00 Pali Rohár pali@kernel.org 2023-03-29T19:25:54+00:00 2972d7d62f8f177bf2186c7a38bdae53dff99a7a This allows image type print_header() callback to access struct image_tool_params *params. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Simon Glass <sjg@chromium.org> 
This allows image type print_header() callback to access struct
image_tool_params *params.

Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
tools: mkimage: Show where signatures/keys are written 2022-01-26T15:50:44+00:00 Simon Glass sjg@chromium.org 2021-11-12T19:28:13+00:00 2d2384bbaff0ab84c868b553c74048a5f6acc9e3 At present mkimage displays the node information but it is not clear what signing action was taken. Add a message that shows it. For now it only supports showing a single signing action, since that is the common case. Sample: Signature written to 'sha1-basic/test.fit', node '/configurations/conf-1/signature' Public key written to 'sha1-basic/sandbox-u-boot.dtb', node '/signature/key-dev' Signed-off-by: Simon Glass <sjg@chromium.org> 
At present mkimage displays the node information but it is not clear what
signing action was taken. Add a message that shows it. For now it only
supports showing a single signing action, since that is the common case.

Sample:

   Signature written to 'sha1-basic/test.fit',
       node '/configurations/conf-1/signature'
   Public key written to 'sha1-basic/sandbox-u-boot.dtb',
       node '/signature/key-dev'

Signed-off-by: Simon Glass <sjg@chromium.org>
tools: Avoid leaving extra data at the end of copied files 2022-01-26T15:50:43+00:00 Simon Glass sjg@chromium.org 2021-11-12T19:28:05+00:00 7ae46c35793bcc034f1300d8b79e3fd7e506537c The copyfile() implementation has strange behaviour if the destination file already exists. Update it to ensure that any existing data in the destination file is dropped. Signed-off-by: Simon Glass <sjg@chromium.org> 
The copyfile() implementation has strange behaviour if the destination
file already exists. Update it to ensure that any existing data in the
destination file is dropped.

Signed-off-by: Simon Glass <sjg@chromium.org>
tools: Move copyfile() into a common file 2022-01-26T15:50:43+00:00 Simon Glass sjg@chromium.org 2021-11-12T19:28:04+00:00 e291a5c9a2acff16ba3b976198bba7da9828c9e9 This function is useful in other places. Move it to a common file. Signed-off-by: Simon Glass <sjg@chromium.org> 
This function is useful in other places. Move it to a common file.

Signed-off-by: Simon Glass <sjg@chromium.org>
tools/fitimage: make sure dumpimage still works when "@" are detected 2022-01-24T15:35:10+00:00 Stefan Eichenberger eichest@gmail.com 2022-01-10T17:48:32+00:00 6f08eee67fe93068ab501cc5f3094e480e76f4a9 fit_verify_header fails if it detects unit addresses "@". However, this will break tools like dumpimage on fit images which worked with previous versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output of: dumpimage -l <fit image> is: FIT description: U-Boot fitImage for Linux Distribution Created: Thu Jan 1 01:00:00 1970 Image 0 (kernel@1) Description: Linux kernel Created: Thu Jan 1 01:00:00 1970 Type: Kernel Image Compression: gzip compressed Data Size: 6442456 Bytes = 6291.46 KiB = 6.14 MiB Architecture: AArch64 OS: Linux Load Address: 0x80080000 Entry Point: 0x80080000 Hash algo: sha256 Hash value: ... Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb) Description: Flattened Device Tree blob Created: Thu Jan 1 01:00:00 1970 Type: Flat Device Tree Compression: uncompressed Data Size: 39661 Bytes = 38.73 KiB = 0.04 MiB Architecture: AArch64 Hash algo: sha256 Hash value: ... Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb' Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb) Description: 1 Linux kernel, FDT blob Kernel: kernel@1 FDT: fdt@freescale_fsl-s32g274a-evb.dtb Hash algo: sha256 Hash value: unavailable But with newer version it shows: dumpimage -l <fit image> GP Header: Size d00dfeed LoadAddr 62f0a4 This commit will output a warning that unit addresses were detected but will not fail: dumpimage -l <fit image> Image contains unit addresses @, this will break signing ... Signed-off-by: Stefan Eichenberger <eichest@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org> 
fit_verify_header fails if it detects unit addresses "@". However, this
will break tools like dumpimage on fit images which worked with previous
versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output
of:
dumpimage -l <fit image>
is:
FIT description: U-Boot fitImage for Linux Distribution
Created:         Thu Jan  1 01:00:00 1970
 Image 0 (kernel@1)
  Description:  Linux kernel
  Created:      Thu Jan  1 01:00:00 1970
  Type:         Kernel Image
  Compression:  gzip compressed
  Data Size:    6442456 Bytes = 6291.46 KiB = 6.14 MiB
  Architecture: AArch64
  OS:           Linux
  Load Address: 0x80080000
  Entry Point:  0x80080000
  Hash algo:    sha256
  Hash value:   ...
 Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb)
  Description:  Flattened Device Tree blob
  Created:      Thu Jan  1 01:00:00 1970
  Type:         Flat Device Tree
  Compression:  uncompressed
  Data Size:    39661 Bytes = 38.73 KiB = 0.04 MiB
  Architecture: AArch64
  Hash algo:    sha256
  Hash value:   ...
 Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb'
 Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb)
  Description:  1 Linux kernel, FDT blob
  Kernel:       kernel@1
  FDT:          fdt@freescale_fsl-s32g274a-evb.dtb
  Hash algo:    sha256
  Hash value:   unavailable

But with newer version it shows:
dumpimage -l <fit image>
GP Header: Size d00dfeed LoadAddr 62f0a4

This commit will output a warning that unit addresses were detected but
will not fail:
dumpimage -l <fit image>
Image contains unit addresses @, this will break signing
...

Signed-off-by: Stefan Eichenberger <eichest@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
image: Adjust the workings of fit_check_format() 2021-02-16T03:31:52+00:00 Simon Glass sjg@chromium.org 2021-02-16T00:08:09+00:00 c5819701a3de61e2ba2ef7ad0b616565b32305e5 At present this function does not accept a size for the FIT. This means that it must be read from the FIT itself, introducing potential security risk. Update the function to include a size parameter, which can be invalid, in which case fit_check_format() calculates it. For now no callers pass the size, but this can be updated later. Also adjust the return value to an error code so that all the different types of problems can be distinguished by the user. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Bruce Monroe <bruce.monroe@intel.com> Reported-by: Arie Haenel <arie.haenel@intel.com> Reported-by: Julien Lenoir <julien.lenoir@intel.com> 
At present this function does not accept a size for the FIT. This means
that it must be read from the FIT itself, introducing potential security
risk. Update the function to include a size parameter, which can be
invalid, in which case fit_check_format() calculates it.

For now no callers pass the size, but this can be updated later.

Also adjust the return value to an error code so that all the different
types of problems can be distinguished by the user.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Bruce Monroe <bruce.monroe@intel.com>
Reported-by: Arie Haenel <arie.haenel@intel.com>
Reported-by: Julien Lenoir <julien.lenoir@intel.com>
tools: use read-only mmap in fit_check_sign 2019-05-18T16:32:02+00:00 Luca Boccassi luca.boccassi@microsoft.com 2019-05-14T18:35:02+00:00 7d57485a8a3c45c254919f01337c14cc2856accd Add an option to open files in read-only mode in mmap_fdt so that fit_check_sign can be used to inspect files on read-only filesystems. For example, this is useful when a key is shipped in a read-only rootfs or squashfs. Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com> 
Add an option to open files in read-only mode in mmap_fdt so
that fit_check_sign can be used to inspect files on read-only
filesystems.
For example, this is useful when a key is shipped in a read-only
rootfs or squashfs.

Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
fdt: Fix FIT header verification in mkimage and conduct same checks as bootm 2019-03-08T16:31:44+00:00 Jordan Hand jordanhand22@gmail.com 2019-03-05T22:47:56+00:00 d32aa3cae44e618048ff7f378577d44f9b6d6dcc FIT header verification in mkimage was treating a return code as a boolean, which meant that failures in validating the fit were seen as successes. Additionally, mkimage was checking all formats to find a header which passes validation, rather than using the image type specified to mkimage. checkpatch.pl checks for lines ending with '(' and alignment matching open parentheses are ignored to keep with existing coding style. Signed-off-by: Jordan Hand <jorhand@microsoft.com> 
FIT header verification in mkimage was treating a return code as a boolean,
which meant that failures in validating the fit were seen as successes.

Additionally, mkimage was checking all formats to find a header which
passes validation, rather than using the image type specified to
mkimage.

checkpatch.pl checks for lines ending with '(' and alignment matching
open parentheses are ignored to keep with existing coding style.

Signed-off-by: Jordan Hand <jorhand@microsoft.com>
SPDX: Convert all of our single license tags to Linux Kernel style 2018-05-07T13:34:12+00:00 Tom Rini trini@konsulko.com 2018-05-06T21:58:06+00:00 83d290c56fab2d38cd1ab4c4cc7099559c1d5046 When U-Boot started using SPDX tags we were among the early adopters and there weren't a lot of other examples to borrow from. So we picked the area of the file that usually had a full license text and replaced it with an appropriate SPDX-License-Identifier: entry. Since then, the Linux Kernel has adopted SPDX tags and they place it as the very first line in a file (except where shebangs are used, then it's second line) and with slightly different comment styles than us. In part due to community overlap, in part due to better tag visibility and in part for other minor reasons, switch over to that style. This commit changes all instances where we have a single declared license in the tag as both the before and after are identical in tag contents. There's also a few places where I found we did not have a tag and have introduced one. Signed-off-by: Tom Rini <trini@konsulko.com> 
When U-Boot started using SPDX tags we were among the early adopters and
there weren't a lot of other examples to borrow from.  So we picked the
area of the file that usually had a full license text and replaced it
with an appropriate SPDX-License-Identifier: entry.  Since then, the
Linux Kernel has adopted SPDX tags and they place it as the very first
line in a file (except where shebangs are used, then it's second line)
and with slightly different comment styles than us.

In part due to community overlap, in part due to better tag visibility
and in part for other minor reasons, switch over to that style.

This commit changes all instances where we have a single declared
license in the tag as both the before and after are identical in tag
contents.  There's also a few places where I found we did not have a tag
and have introduced one.

Signed-off-by: Tom Rini <trini@konsulko.com>