diff options
| author | Tom Rini <[email protected]> | 2022-03-31 14:12:30 -0400 |
|---|---|---|
| committer | Tom Rini <[email protected]> | 2022-03-31 14:12:30 -0400 |
| commit | 52d8100b1d60b656e3e311e3312fed43d388088a (patch) | |
| tree | cb370025bcc386ef741cce94bda1b4dd58fe2d76 /include | |
| parent | 23e354f82c04a1c070ca59907abc6b042761b0e7 (diff) | |
| parent | 7bebc11c42351c8f0364f0e3eb922f5af7b6e826 (diff) | |
Merge branch '2022-03-31-image-add-a-stage-pre-load' into next
To quote the author:
This series adds a stage pre-load before launching an image. This stage
is used to read a header before the image and this header contains the
signature of the full image. So u-boot may check the full image before
using any data of the image.
The support of this header is added to binman, and a command verify
checks the signature of a blob and set the u-boot env variable
"loadaddr_verified" to the beginning of the "real" image.
The support of this header is only added to binman, but it may also be
added to mkimage.
Diffstat (limited to 'include')
| -rw-r--r-- | include/image.h | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/include/image.h b/include/image.h index 97e5f2eb24d..498eb7f2e3e 100644 --- a/include/image.h +++ b/include/image.h @@ -48,6 +48,7 @@ struct fdt_region; extern ulong image_load_addr; /* Default Load Address */ extern ulong image_save_addr; /* Default Save Address */ extern ulong image_save_size; /* Default Save Size */ +extern ulong image_load_offset; /* Default Load Address Offset */ /* An invalid size, meaning that the image size is not known */ #define IMAGE_SIZE_INVAL (-1UL) @@ -350,6 +351,7 @@ typedef struct bootm_headers { #define BOOTM_STATE_OS_PREP (0x00000100) #define BOOTM_STATE_OS_FAKE_GO (0x00000200) /* 'Almost' run the OS */ #define BOOTM_STATE_OS_GO (0x00000400) +#define BOOTM_STATE_PRE_LOAD 0x00000800 int state; #if defined(CONFIG_LMB) && !defined(USE_HOSTCC) @@ -1017,6 +1019,21 @@ int fit_image_hash_get_value(const void *fit, int noffset, uint8_t **value, int fit_set_timestamp(void *fit, int noffset, time_t timestamp); +/** + * fit_pre_load_data() - add public key to fdt blob + * + * Adds public key to the node pre load. + * + * @keydir: Directory containing keys + * @keydest: FDT blob to write public key + * @fit: Pointer to the FIT format image header + * + * returns: + * 0, on success + * < 0, on failure + */ +int fit_pre_load_data(const char *keydir, void *keydest, void *fit); + int fit_cipher_data(const char *keydir, void *keydest, void *fit, const char *comment, int require_keys, const char *engine_id, const char *cmdname); @@ -1324,6 +1341,19 @@ struct crypto_algo *image_get_crypto_algo(const char *full_name); struct padding_algo *image_get_padding_algo(const char *name); /** + * image_pre_load() - Manage pre load header + * + * Manage the pre-load header before launching the image. + * It checks the signature of the image. It also set the + * variable image_load_offset to skip this header before + * launching the image. + * + * @param addr Address of the image + * @return: 0 on success, -ve on error + */ +int image_pre_load(ulong addr); + +/** * fit_image_verify_required_sigs() - Verify signatures marked as 'required' * * @fit: FIT to check |