From 982207435a7b96d594336a88c08cb5b09e5f2963 Mon Sep 17 00:00:00 2001 From: Philippe Reynes Date: Mon, 28 Mar 2022 22:56:59 +0200 Subject: boot: image: add a stage pre-load Add a stage pre-load that could check or modify an image. For the moment, only a header with a signature is supported. This header has the following format: - magic : 4 bytes - version : 4 bytes - header size : 4 bytes - image size : 4 bytes - offset image signature : 4 bytes - flags : 4 bytes - reserved0 : 4 bytes - reserved1 : 4 bytes - sha256 of the image signature : 32 bytes - signature of the first 64 bytes : n bytes - image signature : n bytes - padding : up to header size The stage uses a node /image/pre-load/sig to get some informations: - algo-name (mandatory) : name of the algo used to sign - padding-name : name of padding used to sign - signature-size : size of the signature (in the header) - mandatory : set to yes if this sig is mandatory - public-key (madatory) : value of the public key Before running the image, the stage pre-load checks the signature provided in the header. This is an initial support, later we could add the support of: - ciphering - uncompressing - ... Signed-off-by: Philippe Reynes --- include/image.h | 14 ++++++++++++++ 1 file changed, 14 insertions(+) (limited to 'include') diff --git a/include/image.h b/include/image.h index 97e5f2eb24d..fbcf70f5e4f 100644 --- a/include/image.h +++ b/include/image.h @@ -48,6 +48,7 @@ struct fdt_region; extern ulong image_load_addr; /* Default Load Address */ extern ulong image_save_addr; /* Default Save Address */ extern ulong image_save_size; /* Default Save Size */ +extern ulong image_load_offset; /* Default Load Address Offset */ /* An invalid size, meaning that the image size is not known */ #define IMAGE_SIZE_INVAL (-1UL) @@ -1323,6 +1324,19 @@ struct crypto_algo *image_get_crypto_algo(const char *full_name); */ struct padding_algo *image_get_padding_algo(const char *name); +/** + * image_pre_load() - Manage pre load header + * + * Manage the pre-load header before launching the image. + * It checks the signature of the image. It also set the + * variable image_load_offset to skip this header before + * launching the image. + * + * @param addr Address of the image + * @return: 0 on success, -ve on error + */ +int image_pre_load(ulong addr); + /** * fit_image_verify_required_sigs() - Verify signatures marked as 'required' * -- cgit v1.2.3 From 9d46e63d9771c789c2c934bb6f5f6af042f1bba0 Mon Sep 17 00:00:00 2001 From: Philippe Reynes Date: Mon, 28 Mar 2022 22:57:00 +0200 Subject: cmd: bootm: add a stage pre-load Add a stage pre-load to the command bootm. Right now, this stage may be used to read a header and check the signature of the full image. Reviewed-by: Simon Glass Signed-off-by: Philippe Reynes --- include/image.h | 1 + 1 file changed, 1 insertion(+) (limited to 'include') diff --git a/include/image.h b/include/image.h index fbcf70f5e4f..496b7af3f36 100644 --- a/include/image.h +++ b/include/image.h @@ -351,6 +351,7 @@ typedef struct bootm_headers { #define BOOTM_STATE_OS_PREP (0x00000100) #define BOOTM_STATE_OS_FAKE_GO (0x00000200) /* 'Almost' run the OS */ #define BOOTM_STATE_OS_GO (0x00000400) +#define BOOTM_STATE_PRE_LOAD 0x00000800 int state; #if defined(CONFIG_LMB) && !defined(USE_HOSTCC) -- cgit v1.2.3 From 6e052d1cbafbedbfba73070da483111f2ae68e5a Mon Sep 17 00:00:00 2001 From: Philippe Reynes Date: Mon, 28 Mar 2022 22:57:02 +0200 Subject: mkimage: add public key for image pre-load stage This commit enhances mkimage to update the node /image/pre-load/sig with the public key. Reviewed-by: Simon Glass Signed-off-by: Philippe Reynes --- include/image.h | 15 +++++++++++++++ 1 file changed, 15 insertions(+) (limited to 'include') diff --git a/include/image.h b/include/image.h index 496b7af3f36..498eb7f2e3e 100644 --- a/include/image.h +++ b/include/image.h @@ -1019,6 +1019,21 @@ int fit_image_hash_get_value(const void *fit, int noffset, uint8_t **value, int fit_set_timestamp(void *fit, int noffset, time_t timestamp); +/** + * fit_pre_load_data() - add public key to fdt blob + * + * Adds public key to the node pre load. + * + * @keydir: Directory containing keys + * @keydest: FDT blob to write public key + * @fit: Pointer to the FIT format image header + * + * returns: + * 0, on success + * < 0, on failure + */ +int fit_pre_load_data(const char *keydir, void *keydest, void *fit); + int fit_cipher_data(const char *keydir, void *keydest, void *fit, const char *comment, int require_keys, const char *engine_id, const char *cmdname); -- cgit v1.2.3