Commit Graph

61 Commits

Author SHA1 Message Date
Sean Anderson
0abe3323f5 mkimage: fit: Fix signing of configs with external data
Just like we exclude data-size, data-position, and data-offset from
fit_config_check_sig, we must exclude them while signing as well.

While we're at it, use the FIT_DATA_* defines for fit_config_check_sig
as welll.

Fixes: 8edecd3110 ("fit: Fix verification of images with external data")
Fixes: c522949a29 ("rsa: sig: fix config signature check for fit with padding")
Signed-off-by: Sean Anderson <sean.anderson@seco.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2022-10-26 11:36:06 -04:00
Steven Lawrance
7c5eeb8309 image-pre-load: Move macros/definitions to image.h
Putting these definitions in a header will allow signatures to be
validated independently of bootm.

Signed-off-by: Steven Lawrance <steven.lawrance@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2022-10-11 15:40:48 -04:00
Mark Kettenis
616571804a tools: mkimage: Avoid ENODATA in host tools
ENODATA isn't part of POSIX.  Use EINVAL instead.

Signed-off-by: Mark Kettenis <kettenis@openbsd.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
2022-05-05 19:37:11 -04:00
Philippe Reynes
6e052d1cba mkimage: add public key for image pre-load stage
This commit enhances mkimage to update the node
/image/pre-load/sig with the public key.

Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
2022-03-31 14:12:01 -04:00
Simon Glass
2d2384bbaf tools: mkimage: Show where signatures/keys are written
At present mkimage displays the node information but it is not clear what
signing action was taken. Add a message that shows it. For now it only
supports showing a single signing action, since that is the common case.

Sample:

   Signature written to 'sha1-basic/test.fit',
       node '/configurations/conf-1/signature'
   Public key written to 'sha1-basic/sandbox-u-boot.dtb',
       node '/signature/key-dev'

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-26 08:50:44 -07:00
Simon Glass
9737c2d1eb tools: Pass public-key node through to caller
Update the two functions that call add_verify_data() so that the caller
can see the node that was written to.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-26 08:50:44 -07:00
Simon Glass
c033dc8c0c image: Return destination node for add_verify_data() method
It is useful to know where the verification data was written. Update the
API to return this.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-26 08:50:44 -07:00
Simon Glass
48422343c8 tools: Drop unused name in image-host
The name is created but never used. Drop it.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-26 08:50:43 -07:00
Simon Glass
70e6bcc43f tools: Improve comments in signing functions
Add some more comments to explain what is going on in the signing
functions. Fix two repeated typos.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-26 08:50:43 -07:00
Jan Kiszka
5902a397d0 mkimage: Allow to specify the signature algorithm on the command line
This permits to prepare FIT image description that do not hard-code the
final choice of the signature algorithm, possibly requiring the user to
patch the sources.

When -o <algo> is specified, this information is used in favor of the
'algo' property in the signature node. Furthermore, that property is set
accordingly when writing the image.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2022-01-24 10:35:10 -05:00
Jan Kiszka
4550ce9be0 image-fit: Make string of algo parameter constant
Modifications would be invalid.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2022-01-24 10:35:10 -05:00
Heinrich Schuchardt
185f812c41 doc: replace @return by Return:
Sphinx expects Return: and not @return to indicate a return value.

find . -name '*.c' -exec \
sed -i 's/^\(\s\)\*\(\s*\)@return\(\s\)/\1*\2Return:\3/' {} \;

find . -name '*.h' -exec \
sed -i 's/^\(\s\)\*\(\s*\)@return\(\s\)/\1*\2Return:\3/' {} \;

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-01-19 18:11:34 +01:00
Vagrant Cascadian
2c6bcab6e6 tools/image-host.c: Fix spelling of "expected".
Signed-off-by: Vagrant Cascadian <vagrant@debian.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-10-12 16:49:21 -04:00
Simon Glass
7f0f4e1825 tools: Avoid showing return value of clock_gettime()
This value is either 0 for success or -1 for error. Coverity reports that
"ret" is passed to a parameter that cannot be negative, pointing to the
condition 'if (ret < 0)'.

Adjust it to just check for non-zero and avoid showing -1 in the error
message, which is pointless. Perhaps these changes will molify Coverity.

Reported-by: Coverity (CID: 312956)
Signed-off-by: Simon Glass <sjg@chromium.org>
2021-07-15 18:42:05 -04:00
Ming Liu
7c39799dec tools: image-host: fix wrong return value
The return value '-ENOSPC' of fit_set_timestamp function does not match
the caller fit_image_write_sig's expection which is '-FDT_ERR_NOSPACE'.

Fix it by not calling fit_set_timestamp, but call fdt_setprop instead.

This fixes a following mkimage error:
| Can't write signature for 'signature@1' signature node in
| 'conf@imx6ull-colibri-wifi-eval-v3.dtb' conf node: <unknown error>
| mkimage Can't add hashes to FIT blob: -1

Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Tested-by: Igor Opaniuk <igor.opaniuk@foundries.io>
2021-07-14 16:57:35 -04:00
Alexandru Gagniuc
36bfcb62b3 mkimage: Add a 'keyfile' argument for image signing
It's not always desirable to use 'keydir' and some ad-hoc heuristics
to get the filename of the signing key. More often, just passing the
filename is the simpler, easier, and logical thing to do.

Since mkimage doesn't use long options, we're slowly running out of
letters. I've chosen '-G' because it was available.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-04-14 15:23:01 -04:00
Philippe Reynes
edfeba7538 tools: image-host: add support for several sub-images
The propoerty sign-images points to images in the configuration
node. But thoses images may references severals "sub-images" (for
example for images loadable). This commit adds the support of
severals sub-images.

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
2021-01-22 16:17:52 -05:00
Philippe Reynes
5a4116f1a2 tools: image-host: clean function fit_config_get_hash_list
This commit creates a function fit_config_add_hash that will be
used in the next commit to support several 'sub-images'.

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-01-22 16:17:52 -05:00
Philippe Reynes
2692749316 tools: image-host.c: use correct variable for strerrno
In the function get_random_data, strerrno is called with
the variable ret (which is the return of the function
clock_gettime). It should be called with errnor. This
commit fixes this mistake.

Reported-by: Coverity (CID: 312956)
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2020-11-19 09:45:49 -05:00
Philippe Reynes
cc34f04efd tools: image-host.c: use random instead of rand
According to the manpage of rand, it is recommended
to use random instead of rand. This commit updates
the function get_random_data to use random.

Reported-by: Coverity (CID: 312953)
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2020-11-19 09:45:49 -05:00
Heinrich Schuchardt
3311eda658 tools: image-host.c: use correct output format
When building on a 32bit host the following warning occurs:

tools/image-host.c: In function ‘fit_image_read_data’:
tools/image-host.c:296:56: warning: format ‘%ld’ expects argument of
type ‘long int’, but argument 3 has type ‘__off64_t’
{aka ‘long long int’} [-Wformat=]
   printf("File %s don't have the expected size (size=%ld, expected=%d)\n",
                                                      ~~^
                                                      %lld
          filename, sbuf.st_size, expected_size);
                    ~~~~~~~~~~~~
tools/image-host.c:311:62: warning: format ‘%ld’ expects argument of
type ‘long int’, but argument 4 has type ‘__off64_t’
{aka ‘long long int’} [-Wformat=]
   printf("Can't read all file %s (read %zd bytes, expexted %ld)\n",
                                                            ~~^
                                                            %lld
          filename, n, sbuf.st_size);
                       ~~~~~~~~~~~~

Fix the format strings.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
2020-10-22 09:54:54 -04:00
Philippe Reynes
a6982a6f76 fit: cipher: aes: allow to store the IV in the FIT image
Binaries may be encrypted in a FIT image with AES. This
algo needs a key and an IV (Initialization Vector). The
IV is provided in a file (pointer by iv-name-hint in the
ITS file) when building the ITB file.

This commits adds provide an alternative way to manage
the IV. If the property iv-name-hint is not provided in
the ITS file, the tool mkimage will generate an random
IV and store it in the FIT image.

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
2020-10-12 21:30:37 -04:00
Patrick Oppenlander
ef40129c33 mkimage: fit: include image cipher in configuration signature
This patch addresses issue #2 for signed configurations.

-----8<-----

Including the image cipher properties in the configuration signature
prevents an attacker from modifying cipher, key or iv properties.

Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com>
Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
2020-08-07 11:47:18 -04:00
Patrick Oppenlander
b33e5cc182 mkimage: fit: don't cipher ciphered data
Previously, mkimage -F could be run multiple times causing already
ciphered image data to be ciphered again.

Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com>
Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
2020-08-07 11:47:18 -04:00
Patrick Oppenlander
04aeebb131 mkimage: fit: handle FDT_ERR_NOSPACE when ciphering
Also replace fdt_delprop/fdt_setprop with fdt_setprop as fdt_setprop can
replace an existing property value.

Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com>
Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
2020-08-07 11:47:18 -04:00
Patrick Oppenlander
c520266f9a mkimage: fit: only process one cipher node
Previously mkimage would process any node matching the regex cipher.*
and apply the ciphers to the image data in the order they appeared in
the FDT. This meant that data could be inadvertently ciphered multiple
times.

Switch to processing a single cipher node which exactly matches
FIT_CIPHER_NODENAME.

Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com>
Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
2020-08-07 11:47:18 -04:00
Masahiro Yamada
64045a6a17 libfdt: split fdt_region declarations out to <fdt_region.h>
fdt_region APIs are not part of libfdt. They are U-Boot extension
for the verified boot. Split the declarations related to fdt_region
out of <fdt_region.h>. This allows <linux/libfdt.h> to become a
simple wrapper file, like Linux does.

Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
2020-04-26 14:24:08 -06:00
Heinrich Schuchardt
b21c08a12b tools: image-host.c: use correct output format
When building on a 32bit host the following warning occurs:

tools/image-host.c: In function ‘fit_image_read_data’:
tools/image-host.c:310:42: warning: format ‘%ld’ expects argument of type
‘long int’, but argument 3 has type ‘ssize_t’ {aka ‘int’} [-Wformat=]
   printf("Can't read all file %s (read %ld bytes, expexted %ld)\n",
                                        ~~^
                                        %d
          filename, n, sbuf.st_size);
                    ~

n is of type ssize_t so we should use %zd for printing.

Fixes: 7298e42250 ("mkimage: fit: add support to encrypt image with aes")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
2020-04-24 10:51:32 -04:00
Simon Glass
72188f5462 image: Use constants for 'required' and 'key-name-hint'
These are used in multiple places so update them to use a shared #define.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
2020-04-01 07:45:09 -06:00
Simon Glass
c3aa81e35c fit_check_sign: Allow selecting the configuration to verify
This tool always verifies the default configuration. It is useful to be
able to verify a specific one. Add a command-line flag for this and plumb
the logic through.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-04-01 07:45:09 -06:00
Simon Glass
382cf62039 image: Be a little more verbose when checking signatures
It is useful to be a little more specific about what is being checked.
Update a few messages to help with this.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-04-01 07:45:09 -06:00
Philippe Reynes
a3ca99c260 tools: image-host.c: remove uboot_aes.h
The include uboot_aes.h is not useful and
it breaks the compilation on android, so
we remove it.

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Reported-by: Praneeth Bajjuri <praneeth@ti.com>
2020-02-25 11:29:39 -05:00
Philippe Reynes
7298e42250 mkimage: fit: add support to encrypt image with aes
This commit add the support of encrypting image with aes
in mkimage. To enable the ciphering, a node cipher with
a reference to a key and IV (Initialization Vector) must
be added to the its file. Then mkimage add the encrypted
image to the FIT and add the key and IV to the u-boot
device tree.

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
2020-01-17 10:15:49 -05:00
Philippe Reynes
20031567e1 rsa: add a structure for the padding
The rsa signature use a padding algorithm. By default, we use the
padding pkcs-1.5. In order to add some new padding algorithm, we
add a padding framework to manage several padding algorithm.
The choice of the padding is done in the file .its.

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2018-12-03 10:44:10 -05:00
Alex Kiernan
795f452eef mkimage: fit_image: Add support for SOURCE_DATE_EPOCH in signatures
When generating timestamps in signatures, use imagetool_get_source_date()
so we can be overridden by SOURCE_DATE_EPOCH to generate reproducible
images.

Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Reviewed-by: Simon Glass <sjg@chromum.org>
2018-07-10 16:56:00 -04:00
Teddy Reed
7346c1e192 vboot: Do not use hashed-strings offset
The hashed-strings signature property includes two uint32_t values.
The first is unneeded as there should never be a start offset into the
strings region. The second, the size, is needed because the added
signature node appends to this region.

See tools/image-host.c, where a static 0 value is used for the offset.

Signed-off-by: Teddy Reed <teddy.reed@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2018-07-10 16:55:58 -04:00
Tom Rini
83d290c56f SPDX: Convert all of our single license tags to Linux Kernel style
When U-Boot started using SPDX tags we were among the early adopters and
there weren't a lot of other examples to borrow from.  So we picked the
area of the file that usually had a full license text and replaced it
with an appropriate SPDX-License-Identifier: entry.  Since then, the
Linux Kernel has adopted SPDX tags and they place it as the very first
line in a file (except where shebangs are used, then it's second line)
and with slightly different comment styles than us.

In part due to community overlap, in part due to better tag visibility
and in part for other minor reasons, switch over to that style.

This commit changes all instances where we have a single declared
license in the tag as both the before and after are identical in tag
contents.  There's also a few places where I found we did not have a tag
and have introduced one.

Signed-off-by: Tom Rini <trini@konsulko.com>
2018-05-07 09:34:12 -04:00
Andre Przywara
b2267e8a22 fix incorrect usage of DT node unit address in comments
The DT spec demands a unit-address in a node name to match the "reg"
property in that node. Newer dtc versions will throw warnings if this is
not the case.
Fix all occurences in the tree where node names were mentioned in
comments, to not give bad examples to the reader.

Signed-off-by: Andre Przywara <andre.przywara@arm.com>
2018-01-15 18:29:21 -07:00
Masahiro Yamada
76b9cbab25 tools: image: fix message when fail to add verification data for config
This function is called when signing configuration nodes.  Adjust
the error message.

I do not know why we do not need to show the error message in case of
ENOSPC.  Remove the if-conditional that seems unnecessary.

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
2017-11-06 09:59:01 -05:00
Masahiro Yamada
6793d017a7 tools: image: allow to sign image nodes without -K option
If -K option is missing when you sign image nodes, it fails with
an unclear error message:

  tools/mkimage Can't add hashes to FIT blob: -1

It is hard to figure out the cause of the failure.

In contrast, when you sign configuration nodes, -K is optional because
fit_config_process_sig() returns successfully if keydest is unset.
Probably this is a preferred behavior when you want to update FIT with
the same key; you do not have to update the public key in this case.

So, this commit changes fit_image_process_sig() to continue signing
without keydest.  If ->add_verify_data() fails, show a clearer error
message, which has been borrowed from fit_config_process_sig().

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
2017-11-06 09:59:00 -05:00
Masahiro Yamada
1d88a99d1b tools: image: fix "algo" property of public key for verified boot
The "algo_name" points to a property in a blob being edited.  The
pointer becomes stale when fit_image_write_sig() inserts signatures.
Then crypto->add_verify_data() writes wrong data to the public key
destination.

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
2017-11-06 09:59:00 -05:00
Masahiro Yamada
16067e6b87 tools: image: fix node name of signature node in FIT
Both "conf_name" and "sig_name" point to the name of config node.
The latter should be the name of the signature node.

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2017-10-23 17:28:17 -04:00
George McCollister
f1ca1fdebf mkimage: Add support for signing with pkcs11
Add support for signing with the pkcs11 engine. This allows FIT images
to be signed with keys securely stored on a smartcard, hardware security
module, etc without exposing the keys.

Support for other engines can be added in the future by modifying
rsa_engine_get_pub_key() and rsa_engine_get_priv_key() to construct
correct key_id strings.

Signed-off-by: George McCollister <george.mccollister@gmail.com>
2017-01-14 16:47:13 -05:00
Andrew Duda
83dd98e012 image: Combine image_sig_algo with image_sign_info
Remove the need to explicitly add SHA/RSA pairings. Invalid SHA/RSA
pairings will still fail on verify operations when the hash length is
longer than the key length.

Follow the same naming scheme "checksum,crytpo" without explicitly
defining the string.

Indirectly adds support for "sha1,rsa4096" signing/verification.

Signed-off-by: Andrew Duda <aduda@meraki.com>
Signed-off-by: aduda <aduda@meraki.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2016-11-21 14:07:31 -05:00
Andrew Duda
0c1d74fda7 image: Add crypto_algo struct for RSA info
Cut down on the repetition of algorithm information by defining separate
checksum and crypto structs. image_sig_algos are now simply pairs of
unique checksum and crypto algos.

Signed-off-by: Andrew Duda <aduda@meraki.com>
Signed-off-by: aduda <aduda@meraki.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2016-11-21 14:07:31 -05:00
mario.six@gdsys.cc
713fb2dcb2 tools, rsa: Further minor cleanups on top of c236ebd and 2b9ec7
[NOTE: I took v1 of these patches in, and then v2 came out, this commit
is squashing the minor deltas from v1 -> v2 of updates to c236ebd and
2b9ec76 into this commit - trini]

- Added an additional NULL check, as suggested by Simon Glass to
  fit_image_process_sig
- Re-formatted the comment blocks

Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Simon Glass <sjg@chromium.org>
[For merging the chnages from v2 back onto v1]
Signed-off-by: Tom Rini <trini@konsulko.com>
2016-07-25 12:01:36 -04:00
mario.six@gdsys.cc
c236ebd2fa tools: Fix return code of fit_image_process_sig()
When signing images, we repeatedly call fit_add_file_data() with
successively increasing size values to include the keys in the DTB.

Unfortunately, if large keys are used (such as 4096 bit RSA keys), this
process fails sometimes, and mkimage needs to be called repeatedly to
integrate the keys into the DTB.

This is because fit_add_file_data actually returns the wrong error
code, and the loop terminates prematurely, instead of trying again with
a larger size value.

This patch corrects the return value and also removes a error message,
which is misleading, since we actually allow the function to fail. A
(hopefully helpful) comment is also added to explain the lack of error
message.

This is probably related to 1152a05 ("tools: Correct error handling in
fit_image_process_hash()") and the corresponding error reported here:

https://www.mail-archive.com/u-boot@lists.denx.de/msg217417.html

Signed-off-by: Mario Six <mario.six@gdsys.cc>
2016-07-22 14:46:24 -04:00
Simon Glass
1152a05ee6 tools: Correct error handling in fit_image_process_hash()
We should not be returning -1 as an error code. This can mask a situation
where we run out of space adding things to the FIT. By returning the correct
error in this case (-ENOSPC) it can be handled by the higher-level code.

This may fix the error reported by Tom Van Deun here:

https://www.mail-archive.com/u-boot@lists.denx.de/msg217417.html

although I am not sure as I cannot actually repeat it.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Tom Van Deun <tom.vandeun@wapice.com>
Reviewed-by: Teddy Reed <teddy.reed@gmail.com>
2016-07-14 18:22:37 -04:00
Heiko Schocher
04a710a593 tools: fix typo in tools/image-host.c
fix a typo in error printf. If FIT_CONFS_PATH is not found
print FIT_CONFS_PATH not FIT_IMAGES_PATH.

Signed-off-by: Heiko Schocher <hs@denx.de>
Cc: Simon Glass <sjg@chromium.org>
Acked-by: Simon Glass <sjg@chromium.org>
2014-08-14 11:20:01 +02:00
Simon Glass
ce1400f694 Enhance fit_check_sign to check all images
At present this tool only checks the configuration signing. Have it also
look at each of the images in the configuration and confirm that they
verify.

Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Heiko Schocher <hs@denx.de> (v1)
2014-06-19 11:19:02 -04:00