Commit Graph

1187 Commits

Author SHA1 Message Date
Tom Rini
43ade93bdb Merge branch 'master' of git://www.denx.de/git/u-boot-imx 2017-02-01 16:34:25 -05:00
Mario Six
a1b6b0a9c1 arm: mvebu: Implement secure boot
The patch implements secure booting for the mvebu architecture.

This includes:
- The addition of secure headers and all needed signatures and keys in
  mkimage
- Commands capable of writing the board's efuses to both write the
  needed cryptographic data and enable the secure booting mechanism
- The creation of convenience text files containing the necessary
  commands to write the efuses

The KAK and CSK keys are expected to reside in the files kwb_kak.key and
kwb_csk.key (OpenSSL 2048 bit private keys) in the top-level directory.

Signed-off-by: Reinhard Pfau <reinhard.pfau@gdsys.cc>
Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Stefan Roese <sr@denx.de>
2017-02-01 09:04:18 +01:00
Mario Six
4991b4f7f1 tools: kwbimage: Refactor line parsing and fix error
The function image_create_config_parse_oneline is pretty complex, and
since more parameters will be added to support secure booting, we
refactor the function to make it more readable.

Also, when a line contained just a keyword without any parameters,
strtok_r returned NULL, which was then indiscriminately fed into atoi,
causing a segfault. To correct this, we add a NULL check before feeding
the extracted token to atoi, and print an error message in case the
token is NULL.

Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
Signed-off-by: Stefan Roese <sr@denx.de>
2017-02-01 09:04:11 +01:00
Mario Six
79066ef8c9 tools: kwbimage: Factor out add_binary_header_v1
In preparation of adding the creation of secure headers, we factor the
add_binary_header_v1 function out of the image_create_v1 function.

Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
Signed-off-by: Stefan Roese <sr@denx.de>
2017-02-01 09:04:06 +01:00
Mario Six
e93cf53f14 tools: kwbimage: Remove unused parameter
The parameter 'params' of the image_headersz_v1 function is never used
by the function.

Hence, remove it.

Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
Signed-off-by: Stefan Roese <sr@denx.de>
2017-02-01 09:03:59 +01:00
Mario Six
e89016c44b tools: kwbimage: Reduce scope of variables
This patch reduces the scope of some variables.

Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
Signed-off-by: Stefan Roese <sr@denx.de>
2017-02-01 09:03:54 +01:00
Mario Six
885fba155c tools: kwbimage: Fix arithmetic with void pointers
Arithmetic with void pointers, e.g. a - b where both a and b are void
pointers, is undefined in the C standard. Since we are operating with
byte data here, we switch the void pointers to uint8_t pointers, and add
the necessary casts.

Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
Signed-off-by: Stefan Roese <sr@denx.de>
2017-02-01 09:03:48 +01:00
Mario Six
94490a4a70 tools: kwbimage: Fix style violations
Fix some style violations:

- nine instances of missing blank lines after declarations
- one overly long line
- one split string (which also rewords an error message more concisely)
- two superfluous else

Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
Signed-off-by: Stefan Roese <sr@denx.de>
2017-02-01 09:03:41 +01:00
Mario Six
94084eea3b tools: kwbimage: Fix dest addr
To enable secure boot, we need to jump back into the BootROM to continue
the SoC's boot process instead of letting the SPL load and run the main
U-Boot image.

But, since the u-boot-spl.img (including the 64 byte header) is loaded
by the SoC as the main image, we need to compensate for the header
length to get a correct entry point.

Thus, we subtract the header size from the destination address, so that
the execution address points at the actual entry point of the image.

The current boards ignore both parameters anyway, so this change shouldn't
concern them.

Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
Signed-off-by: Stefan Roese <sr@denx.de>
2017-02-01 09:03:15 +01:00
Alexey Brodkin
a55bed1208 buildman: Update link to the most recent prebuilt ARC toolachin
To troubleshoot unexpected bhavior during building and what's more
important during execution it is strongly recommended to use recent
ARC toolchain, and so we're now referring to arc-2016.09 which is the
latest as of today.

Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2017-01-28 14:04:50 -05:00
Martin Kaiser
97f17fa627 tools: imximage: refactor header length calculations for imximage v1
We can use the same header length calculations for both imximage v1 and
v2. This addresses TODO comments about imximage v1 in the current code.

With this patch applied, *header_size_ptr in imximage_set_header() will
have the correct value for both imximage v1 and v2. This is necessary
for people wanting to add proprietary data behind the created imximage.

Signed-off-by: Martin Kaiser <martin@kaiser.cx>
Cc: sbabic@denx.de
2017-01-27 10:27:32 +01:00
Tom Rini
55be9b36bd tools: Correct python building host tools
When we have python building tools for the host it will not check HOSTXX
variables but only XX variables, for example LDFLAGS and not
HOSTLDFLAGS.

Cc: Simon Glass <sjg@chromium.org>
Reported-by: Heiko Schocher <hs@denx.de>
Fixes: 1905c8fc71 ("build: Always build the libfdt python module")
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Tested-by: Simon Glass <sjg@chromium.org>
Tested-by: Heiko Schocher <hs@denx.de>
2017-01-24 10:35:56 -05:00
Sven Ebenfeld
b4e923a805 tools: mkimage: fix sizeof_mismatch found by coverity
Reported-by: Coverity (CID: 155214)
Signed-off-by: Sven Ebenfeld <sven.ebenfeld@gmail.com>
2017-01-20 15:38:04 -05:00
Emmanuel Vadot
80d2ae5e1f binman: add tools directory to the python path
The built _libfdt.so is placed in the /tools dir and need to say here
as it contains relative paths.
Add the directory to the python path so binman can use this module.

Signed-off-by: Emmanuel Vadot <manu@bidouilliste.com>
2017-01-20 15:38:03 -05:00
Emmanuel Vadot
1905c8fc71 build: Always build the libfdt python module
Do not rely on CONFIG_SPL_OF_PLATDATA to build the libfdt python module.
If swig is present, this will be build

Signed-off-by: Emmanuel Vadot <manu@bidouilliste.com>
2017-01-20 15:38:03 -05:00
George McCollister
f1ca1fdebf mkimage: Add support for signing with pkcs11
Add support for signing with the pkcs11 engine. This allows FIT images
to be signed with keys securely stored on a smartcard, hardware security
module, etc without exposing the keys.

Support for other engines can be added in the future by modifying
rsa_engine_get_pub_key() and rsa_engine_get_priv_key() to construct
correct key_id strings.

Signed-off-by: George McCollister <george.mccollister@gmail.com>
2017-01-14 16:47:13 -05:00
Tom Rini
516457013e Merge branch 'master' of git://www.denx.de/git/u-boot-imx 2017-01-02 16:32:05 -05:00
Emmanuel Vadot
6d799d04a8 tools: binman: Use /usr/bin/env to find python executable
Some OS (all BSD and probably others) do not have python in /usr/bin
but in another directory.
It is a common usage to use /usr/bin/env python as shebang for python
scripts so use this for binman.

Signed-off-by: Emmanuel Vadot <manu@bidouilliste.com>
2017-01-02 11:14:04 -05:00
Sven Ebenfeld
d21bd69b6e tools: mkimage: add firmware-ivt image type for HAB verification
When we want to use Secure Boot with HAB from SPL over U-Boot.img,
we need to append the IVT to the image and leave space for the CSF.
Images generated as firmware_ivt can directly be signed using the
Freescale code signing tool. For creation of a CSF, mkimage outputs
the correct HAB Blocks for the image.
The changes to the usual firmware image class are quite small,
that is why I implemented that directly into the default_image.

Cc: sbabic@denx.de

v2-Changes: None

Signed-off-by: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Reviewed-by: George McCollister <george.mccollister@gmail.com>
Tested-by: George McCollister <george.mccollister@gmail.com>
2017-01-02 17:06:57 +01:00
Michal Simek
ac71d4103e tools: mkimage: Call fclose in error path
This patch is fixing missing fclose() calls
in error patch introduced by:
"tools: mkimage: Use fstat instead of stat to avoid malicious hacks"
(sha1: ebe0f53f48)

Reported-by: Coverity (CID: 155064, 155065)
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2016-12-27 11:24:16 -05:00
Jonathan Gray
43db3e3b3d relocate-rela: use compiler.h endian macros
Use the endian macros from u-boot's compiler.h instead of duplicating
the definitions.

This also avoids a build error on OpenBSD by removing swap64 which
collides with a system definition in endian.h pulled in by inttypes.h.

Signed-off-by: Jonathan Gray <jsg@jsg.id.au>
2016-12-27 11:24:12 -05:00
Bin Meng
d26a38fd61 binman: Remove hard-coded file name for x86 CMC/FSP/VGA
Now that we have added file names from Kconfig in x86 u-boot.dtsi,
update binman to avoid using hard-coded names.

Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2016-12-26 13:36:23 +08:00
Tom Rini
36737f22b7 Merge git://git.denx.de/u-boot-dm 2016-12-20 08:42:04 -05:00
Simon Glass
68af100224 binman: Drop microcode features from ifdtool
Now that binman supports creating images with microcode, drop the code from
ifdtool.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Tested-by: Bin Meng <bmeng.cn@gmail.com>
2016-12-20 08:09:55 +13:00
Simon Glass
6d427c6b1f binman: Automatically include a U-Boot .dtsi file
For boards that need U-Boot-specific additions to the device tree, it is
a minor annoyance to have to add these each time the tree is synced with
upstream.

Add a means to include a file (e.g. u-boot.dtsi) automatically into the .dts
file before it is compiled.

The file uses is the first one that exists in this list:

   arch/<arch>/dts/<board.dts>-u-boot.dtsi
   arch/<arch>/dts/<soc>-u-boot.dtsi
   arch/<arch>/dts/<cpu>-u-boot.dtsi
   arch/<arch>/dts/<vendor>-u-boot.dtsi
   arch/<arch>/dts/u-boot.dtsi

Signed-off-by: Simon Glass <sjg@chromium.org>
Suggested-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Tested-by: Bin Meng <bmeng.cn@gmail.com>
2016-12-20 08:09:55 +13:00
Simon Glass
da22909073 binman: Add support for building x86 images with FSP/CMC
Add support for two more from the inexhaustible supply of x86 binary blob
types.

Signed-off-by: Simon Glass <sjg@chromium.org>
Tested-by: Bin Meng <bmeng.cn@gmail.com>
2016-12-20 08:09:55 +13:00
Simon Glass
75db0860b1 binman: Add support for building x86 ROMs with SPL
When building for 64-bit x86 we need an SPL binary in the ROM. Add support
for this. Also increase entry test code coverage to 100%.

Signed-off-by: Simon Glass <sjg@chromium.org>
Tested-by: Bin Meng <bmeng.cn@gmail.com>
2016-12-20 08:09:55 +13:00
Simon Glass
c49deb837c binman: Add support for u-boot.img as an input binary
Add an entry type for u-boot.img (a legacy U-Boot image) and a simple test.

Signed-off-by: Simon Glass <sjg@chromium.org>
Tested-by: Bin Meng <bmeng.cn@gmail.com>
2016-12-20 08:09:55 +13:00
Simon Glass
e0ff855138 binman: Add support for building x86 ROMs
The structure of x86 ROMs is pretty complex. There are various binary blobs
to place in the image. Microcode requires special handling so that it is
available to very early code and can be used without any memory whatsoever.

Add support for the various entry types that are currently needed, along
with some tests.

Signed-off-by: Simon Glass <sjg@chromium.org>
Tested-by: Bin Meng <bmeng.cn@gmail.com>
2016-12-20 08:09:55 +13:00
Simon Glass
4f44304b0b binman: Add basic entry types for U-Boot
Add entries to support some standard U-Boot binaries, such as u-boot.bin,
u-boot.dtb, etc. Also add some tests for these.

Signed-off-by: Simon Glass <sjg@chromium.org>
Tested-by: Bin Meng <bmeng.cn@gmail.com>
2016-12-20 08:09:55 +13:00
Simon Glass
bf7fd50b3b binman: Introduce binman, a tool for building binary images
This adds the basic code for binman, including command parsing, processing
of entries and generation of images.

So far no entry types are supported. These will be added in future commits
as examples of how to add new types.

See the README for documentation.

Signed-off-by: Simon Glass <sjg@chromium.org>
Tested-by: Bin Meng <bmeng.cn@gmail.com>
2016-12-20 08:09:55 +13:00
Marek Vasut
7bae13b757 tools: mxsimage: Fix build with OpenSSL 1.1.x
The EVP_MD_CTX and EVP_CIPHER_CTX are made opaque since 1.1.x , so instead
of embedding them directly into struct sb_image_ctx and initializing them
using EVP_*_CTX_init(), we use pointers and allocate the crypto contexts
using EVP_*_CTX_new().

Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Tom Rini <trini@konsulko.com>
2016-12-19 12:26:39 -05:00
Jagan Teki
3713571cb7 imx6: icorem6: Add custom splashscreen support
Add custom splashscreen, engicam.bmp support for
Engicam i.CoreM6 qdl board.

Cc: Anatolij Gustschin <agust@denx.de>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Matteo Lisi <matteo.lisi@engicam.com>
Cc: Michael Trimarchi <michael@amarulasolutions.com>
Signed-off-by: Jagan Teki <jagan@amarulasolutions.com>
2016-12-16 17:15:27 +01:00
Michal Simek
ebe0f53f48 tools: mkimage: Use fstat instead of stat to avoid malicious hacks
The patch is fixing:
"tools: mkimage: Check if file is regular file"
(sha1: 56c7e80155)
which contains two issues reported by Coverity
Unchecked return value from stat and incorrect calling sequence where
attack can happen between calling stat and fopen.
Using pair in opposite order (fopen and fstat) is fixing this issue
because fstat is using the same file descriptor (FILE *).

Also fixing issue with:
"tools: mkimage: Add support for initialization table for Zynq and
ZynqMP" (sha1: 3b6460809c)
where file wasn't checked that it is regular file.

Reported-by: Coverity (CID: 154711, 154712)
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
2016-12-09 08:40:23 -05:00
Tom Rini
361a879902 Revert "Merge branch 'master' of git://www.denx.de/git/u-boot-microblaze"
This reverts commit 3edc0c2522, reversing
changes made to bb135a0180.
2016-12-09 07:56:54 -05:00
Michal Simek
37a2cf6f1a tools: mkimage: Use fstat instead of stat to avoid malicious hacks
The patch is fixing:
"tools: mkimage: Check if file is regular file"
(sha1: 56c7e80155)
which contains two issues reported by Coverity
Unchecked return value from stat and incorrect calling sequence where
attack can happen between calling stat and fopen.
Using pair in opposite order (fopen and fstat) is fixing this issue
because fstat is using the same file descriptor (FILE *).

Also fixing issue with:
"tools: mkimage: Add support for initialization table for Zynq and
ZynqMP" (sha1: 3b6460809c)
where file wasn't checked that it is regular file.

Reported-by: Coverity (CID: 154711, 154712)
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Series-to: trini
Series-cc: u-boot
2016-12-08 09:23:48 +01:00
Simon Glass
a9401b2bc9 buildman: Rename do_build to config_only
This variable name is needlessly confusion. Adjust it to use a 'positive'
name instead.

Signed-off-by: Simon Glass <sjg@chromium.org>
2016-12-02 20:53:18 -07:00
Simon Glass
960421ecb3 buildman: Clean up odd characters on the terminal
At present buildman leaves behind a few characters during its progress
updates, which looks odd. Fix it.

Signed-off-by: Simon Glass <sjg@chromium.org>
2016-12-02 10:37:47 -07:00
Simon Glass
b464f8e7de buildman: Squash useless output from -K
When using #define CONFIG_SOME_OPTION, the value it set to '1'. When using
defconfig (i.e. CONFIG_SOME_OPTION=y) the value is set to 'y'. This results
in differences showing up with -K. These differences are seldom useful.

Adjust buildman to suppress these differences by default.

Signed-off-by: Simon Glass <sjg@chromium.org>
2016-12-02 10:37:47 -07:00
Simon Glass
94d2ebe5bc buildman: Add documentation for CONFIG checking
The -K option is not mentioned in the README at present. Add some notes
to describe how this is used.

Signed-off-by: Simon Glass <sjg@chromium.org>
2016-12-02 10:37:47 -07:00
Simon Glass
b50113f373 buildman: Add an option to just create the config
Normally buildman does a full build of a board. This includes creating the
u-boot.cfg file which contains all the configuration options. Buildman uses
this file with the -K option, to show differences in effective configuration
for each commit.

Doing a full build of U-Boot just to create the u-boot.cfg file is wasteful.
Add a -D option which causes buildman to only create the configuration. This
is enough to support use of -K and can be done much more quickly (typically
5-10 times faster).

Signed-off-by: Simon Glass <sjg@chromium.org>
2016-12-02 10:37:47 -07:00
Chris Packham
2611c05e84 tools/kwbimage: add DEBUG option
Offset 0x1 in the generated kwb image file is a set of flags, bit 0
enables debug output from the BootROM firmware.  Allow a DEBUG option in
the kwb configuration to request debug output from the BootROM firmware.

Signed-off-by: Chris Packham <judge.packham@gmail.com>
Signed-off-by: Stefan Roese <sr@denx.de>
2016-12-01 09:10:49 +01:00
Chris Packham
4bdb547978 tools/kwbimage: add BAUDRATE option
Offset 0x18 in some Marvell datasheets this field is redacted as
"reserved". This offset is actually a set of options and bits 2:0 allow
the selection of the UART baudrate.

Allow a BAUDRATE option to set the UART baudrate for any messages coming
from the BootROM firmware.

Signed-off-by: Chris Packham <judge.packham@gmail.com>
Signed-off-by: Stefan Roese <sr@denx.de>
2016-12-01 09:10:43 +01:00
Tom Rini
4d6647ab17 Merge branch 'master' of git://www.denx.de/git/u-boot-imx 2016-11-30 09:57:52 -05:00
Tom Rini
6b29a395b6 Merge git://git.denx.de/u-boot-mpc85xx 2016-11-29 19:42:48 -05:00
Eric Nelson
e5491f3ef5 tools: imximage: display DCD block offset, length
These values can be used to sign a U-Boot image for use when
loading an image through the Serial Download Protocol (SDP).

Note that the address of 0x910000 is usable with the stock
configuration of imx_usb_loader on i.MX6 and i.MX7 SOCs:

https://github.com/boundarydevices/imx_usb_loader/blob/master/mx6_usb_work.conf#L3

Refer to the section on imx_usb_loader in this post for more
details:

https://boundarydevices.com/high-assurance-boot-hab-dummies/

Signed-off-by: Eric Nelson <eric@nelint.com>
2016-11-29 16:37:37 +01:00
Max Krummenacher
333ee16d04 tools/env: fix environment alignment tests for block devices
commit 183923d3e4 enforces that the
environment must start at an erase block boundary.

For block devices the sample fw_env.config does not mandate a erase block size
for block devices. A missing setting defaults to the full env size.

Depending on the environment location the alignment check now errors out for
perfectly legal settings.

Fix this by defaulting to the standard blocksize of 0x200 for environments
stored in a block device.
That keeps the fw_env.config files for block devices working even with that
new check.

Signed-off-by: Max Krummenacher <max.krummenacher@toradex.com>
2016-11-28 15:10:36 -05:00
Andre Przywara
d0fc6dc5e9 tools/Makefile: suppress "which swig" error output
The Makefile in tools/ tries to find the "swig" utility by calling "which".
If nothing is found in the path, some versions of which will print an error
message:
$ make clean
which: no swig in (/usr/local/bin:/usr/bin:/bin)

This does not apply to all version of "which", though:
$ echo $0
bash
$ type which
which is aliased to `type -path'
$ which foo				<== this version is OK
$ /usr/bin/which foo			<== this one is chatty
/usr/bin/which: no foo in (/usr/local/bin:/usr/bin:/bin)
$ sh					<== make uses /bin/sh
sh-4.3$ which foo			<== no alias here
which: no foo in (/usr/local/bin:/usr/bin:/bin)

This error message is rather pointless in our case, since we just have
this very check to care for this. So add stderr redirection to suppress
the message.

Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2016-11-28 15:10:35 -05:00
York Sun
f33f3e07f3 tools/env: Correct include kconfig
While we move some config macros to Kconfig, kconfig header is needed
to avoid compiling error if not already included.

Signed-off-by: York Sun <york.sun@nxp.com>
2016-11-23 23:41:23 -08:00
Andrew Duda
83dd98e012 image: Combine image_sig_algo with image_sign_info
Remove the need to explicitly add SHA/RSA pairings. Invalid SHA/RSA
pairings will still fail on verify operations when the hash length is
longer than the key length.

Follow the same naming scheme "checksum,crytpo" without explicitly
defining the string.

Indirectly adds support for "sha1,rsa4096" signing/verification.

Signed-off-by: Andrew Duda <aduda@meraki.com>
Signed-off-by: aduda <aduda@meraki.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2016-11-21 14:07:31 -05:00