From 5d2f7d306cecaf454569fd787855ba1106499400 Mon Sep 17 00:00:00 2001
From: Pali Rohár <pali@kernel.org>
Date: Tue, 26 Jul 2022 16:11:56 +0200
Subject: cmd: mvebu/bubt: Verify image type for all 32-bit Aramda SoCs and
 Armada 3700
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Current image type verification code is specific to 32-bit Armada SoCs but
used only for Armada 38x. Implement image type verification for Armada 3700
and enable Armada 38x image verification for all 32-bit Armada SoCs.

Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
---
 cmd/mvebu/bubt.c | 74 ++++++++++++++++++++++++++++++++++++--------------------
 1 file changed, 48 insertions(+), 26 deletions(-)

(limited to 'cmd')

diff --git a/cmd/mvebu/bubt.c b/cmd/mvebu/bubt.c
index 1362c03bcee..a05e22a5479 100644
--- a/cmd/mvebu/bubt.c
+++ b/cmd/mvebu/bubt.c
@@ -56,6 +56,21 @@ struct mvebu_image_header {
 #define IMAGE_VERSION_3_6_0	0x030600
 #define IMAGE_VERSION_3_5_0	0x030500
 
+struct tim_boot_flash_sign {
+	unsigned int id;
+	const char *name;
+};
+
+struct tim_boot_flash_sign tim_boot_flash_signs[] = {
+	{ 0x454d4d08, "mmc"  },
+	{ 0x454d4d0b, "mmc"  },
+	{ 0x5350490a, "spi"  },
+	{ 0x5350491a, "nand" },
+	{ 0x55415223, "uart" },
+	{ 0x53415432, "sata" },
+	{},
+};
+
 struct common_tim_data {
 	u32	version;
 	u32	identifier;
@@ -83,7 +98,7 @@ struct mvebu_image_info {
 	u32	encrypt_start_offset;
 	u32	encrypt_size;
 };
-#endif
+#elif defined(CONFIG_ARMADA_32BIT)
 
 /* Structure of the main header, version 1 (Armada 370/XP/375/38x/39x) */
 struct a38x_main_hdr_v1 {
@@ -123,6 +138,8 @@ struct a38x_boot_mode a38x_boot_modes[] = {
 	{},
 };
 
+#endif
+
 struct bubt_dev {
 	char name[8];
 	size_t (*read)(const char *file_name);
@@ -635,7 +652,7 @@ static int check_image_header(void)
 
 	return 0;
 }
-#elif defined(CONFIG_ARMADA_38X)
+#elif defined(CONFIG_ARMADA_32BIT)
 static size_t a38x_header_size(const struct a38x_main_hdr_v1 *h)
 {
 	if (h->version == 1)
@@ -691,34 +708,39 @@ static int check_image_header(void)
 
 static int bubt_check_boot_mode(const struct bubt_dev *dst)
 {
-	if (IS_ENABLED(CONFIG_ARMADA_38X)) {
-		int mode;
-		const struct a38x_main_hdr_v1 *hdr =
-			(struct a38x_main_hdr_v1 *)get_load_addr();
-
-		for (mode = 0; mode < ARRAY_SIZE(a38x_boot_modes); mode++) {
-			if (strcmp(a38x_boot_modes[mode].name, dst->name) == 0)
-				break;
-		}
-
-		if (a38x_boot_modes[mode].id == hdr->blockid)
-			return 0;
+#if defined(CONFIG_ARMADA_3700) || defined(CONFIG_ARMADA_32BIT)
+	int mode;
+#if defined(CONFIG_ARMADA_3700)
+	const struct tim_boot_flash_sign *boot_modes = tim_boot_flash_signs;
+	const struct common_tim_data *hdr =
+		(struct common_tim_data *)get_load_addr();
+	u32 id = hdr->boot_flash_sign;
+#elif defined(CONFIG_ARMADA_32BIT)
+	const struct a38x_boot_mode *boot_modes = a38x_boot_modes;
+	const struct a38x_main_hdr_v1 *hdr =
+		(struct a38x_main_hdr_v1 *)get_load_addr();
+	u32 id = hdr->blockid;
+#endif
 
-		for (int i = 0; i < ARRAY_SIZE(a38x_boot_modes); i++) {
-			if (a38x_boot_modes[i].id == hdr->blockid) {
-				printf("Error: A38x image meant to be booted from "
-				       "\"%s\", not \"%s\"!\n",
-				       a38x_boot_modes[i].name, dst->name);
-				return -ENOEXEC;
-			}
-		}
+	for (mode = 0; boot_modes[mode].name; mode++) {
+		if (boot_modes[mode].id == id)
+			break;
+	}
 
-		printf("Error: unknown boot device in A38x image header: "
-		       "0x%x\n", hdr->blockid);
+	if (!boot_modes[mode].name) {
+		printf("Error: unknown boot device in image header: 0x%x\n", id);
 		return -ENOEXEC;
-	} else {
-		return 0;
 	}
+
+	if (strcmp(boot_modes[mode].name, dst->name) == 0)
+		return 0;
+
+	printf("Error: image meant to be booted from \"%s\", not \"%s\"!\n",
+	       boot_modes[mode].name, dst->name);
+	return -ENOEXEC;
+#else
+	return 0;
+#endif
 }
 
 static int bubt_verify(const struct bubt_dev *dst)
-- 
cgit v1.3.1


From 4b9521f2421cef5d93682879e86933d25f8ac294 Mon Sep 17 00:00:00 2001
From: Pali Rohár <pali@kernel.org>
Date: Tue, 26 Jul 2022 16:11:57 +0200
Subject: cmd: mvebu/bubt: Correctly propagate failure during tftp transport
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

net_loop() returns signed int type and negative value represents error.
tftp_read_file() returns unsigned size_t type and zero value represents
error. Casting signed negative value to unsigned size_t type cause losing
information about error and bubt thinks that no error happened, and
continue erasing SPI-NOR which cause malfunction device.

Fix this issue by correctly propagating failure during tftp transport.

With this change when there is no eth link, bubt does not erase SPI-NOR
anymore.

  => bubt
  Burning U-Boot image "flash-image.bin" from "tftp" to "spi"
  ethernet@30000 Waiting for PHY auto negotiation to complete......... TIMEOUT !
  ethernet@30000: No link.
  Error: Failed to read file flash-image.bin from tftp

Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
---
 cmd/mvebu/bubt.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'cmd')

diff --git a/cmd/mvebu/bubt.c b/cmd/mvebu/bubt.c
index a05e22a5479..2924b1539f3 100644
--- a/cmd/mvebu/bubt.c
+++ b/cmd/mvebu/bubt.c
@@ -455,11 +455,14 @@ static int is_usb_active(void)
 #ifdef CONFIG_CMD_NET
 static size_t tftp_read_file(const char *file_name)
 {
+	int ret;
+
 	/*
 	 * update global variable image_load_addr before tftp file from network
 	 */
 	image_load_addr = get_load_addr();
-	return net_loop(TFTPGET);
+	ret = net_loop(TFTPGET);
+	return ret > 0 ? ret : 0;
 }
 
 static int is_tftp_active(void)
-- 
cgit v1.3.1


From 93c1358bcd6b249260f239042fba025764b4a89e Mon Sep 17 00:00:00 2001
From: Pali Rohár <pali@kernel.org>
Date: Tue, 26 Jul 2022 16:11:58 +0200
Subject: cmd: mvebu/bubt: Add support for sha512 checksum validation for
 Armada 3700
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Armada 3700 BootROM supports also images with sha512 checksums and
mox-imager tool [1] generates such bootable images. Without sha512 support
U-Boot bubt command just prints error message:

  Error: Unsupported hash_algorithm_id = 64
  Error: Image header verification failed

This patch adds support for sha512 checksum validation for Armada 3700
images. With it bubt prints:

  Image checksum...OK!

[1] - https://gitlab.nic.cz/turris/mox-boot-builder.git

Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
---
 cmd/mvebu/Kconfig | 1 +
 cmd/mvebu/bubt.c  | 9 +++++++++
 2 files changed, 10 insertions(+)

(limited to 'cmd')

diff --git a/cmd/mvebu/Kconfig b/cmd/mvebu/Kconfig
index 39963db82c9..120397d6d4d 100644
--- a/cmd/mvebu/Kconfig
+++ b/cmd/mvebu/Kconfig
@@ -4,6 +4,7 @@ depends on ARCH_MVEBU
 config CMD_MVEBU_BUBT
 	bool "bubt"
 	select SHA256 if ARMADA_3700
+	select SHA512 if ARMADA_3700
 	help
 	  bubt - Burn a u-boot image to flash
 	  For details about bubt command please see the documentation
diff --git a/cmd/mvebu/bubt.c b/cmd/mvebu/bubt.c
index 2924b1539f3..276069a0efc 100644
--- a/cmd/mvebu/bubt.c
+++ b/cmd/mvebu/bubt.c
@@ -26,6 +26,7 @@
 #endif
 #include <u-boot/sha1.h>
 #include <u-boot/sha256.h>
+#include <u-boot/sha512.h>
 
 #if defined(CONFIG_ARMADA_8K)
 #define MAIN_HDR_MAGIC		0xB105B002
@@ -566,8 +567,10 @@ static int check_image_header(void)
 	int image_num;
 	u8 hash_160_output[SHA1_SUM_LEN];
 	u8 hash_256_output[SHA256_SUM_LEN];
+	u8 hash_512_output[SHA512_SUM_LEN];
 	sha1_context hash1_text;
 	sha256_context hash256_text;
+	sha512_context hash512_text;
 	u8 *hash_output;
 	u32 hash_algorithm_id;
 	u32 image_size_to_hash;
@@ -637,6 +640,12 @@ static int check_image_header(void)
 			sha256_finish(&hash256_text, hash_256_output);
 			hash_output = hash_256_output;
 			break;
+		case SHA512_SUM_LEN:
+			sha512_starts(&hash512_text);
+			sha512_update(&hash512_text, buff, image_size_to_hash);
+			sha512_finish(&hash512_text, hash_512_output);
+			hash_output = hash_512_output;
+			break;
 		default:
 			printf("Error: Unsupported hash_algorithm_id = %d\n",
 			       hash_algorithm_id);
-- 
cgit v1.3.1


From 09b0e20d73e371a7cba2db3a95c4173bd8209555 Mon Sep 17 00:00:00 2001
From: Pali Rohár <pali@kernel.org>
Date: Tue, 26 Jul 2022 16:11:59 +0200
Subject: cmd: mvebu/bubt: Fix cmd main return value on error
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Negative return value from cmd main function cause U-Boot to print criplic
error message: exit not allowed from main input shell.

Set return value on error to 1.

Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
---
 cmd/mvebu/bubt.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

(limited to 'cmd')

diff --git a/cmd/mvebu/bubt.c b/cmd/mvebu/bubt.c
index 276069a0efc..ffa05bc2018 100644
--- a/cmd/mvebu/bubt.c
+++ b/cmd/mvebu/bubt.c
@@ -870,11 +870,11 @@ int do_bubt_cmd(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[])
 	dst = find_bubt_dev(dst_dev_name);
 	if (!dst) {
 		printf("Error: Unknown destination \"%s\"\n", dst_dev_name);
-		return -EINVAL;
+		return 1;
 	}
 
 	if (!bubt_is_dev_active(dst))
-		return -ENODEV;
+		return 1;
 
 	/* Figure out the source device */
 	src = find_bubt_dev(src_dev_name);
@@ -891,15 +891,15 @@ int do_bubt_cmd(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[])
 
 	image_size = bubt_read_file(src);
 	if (!image_size)
-		return -EIO;
+		return 1;
 
 	err = bubt_verify(dst);
 	if (err)
-		return err;
+		return 1;
 
 	err = bubt_write_file(dst, image_size);
 	if (err)
-		return err;
+		return 1;
 
 	return 0;
 }
-- 
cgit v1.3.1