mirror of
				https://xff.cz/git/u-boot/
				synced 2025-10-26 16:13:55 +01:00 
			
		
		
		
	Add support for signing with the pkcs11 engine. This allows FIT images to be signed with keys securely stored on a smartcard, hardware security module, etc without exposing the keys. Support for other engines can be added in the future by modifying rsa_engine_get_pub_key() and rsa_engine_get_priv_key() to construct correct key_id strings. Signed-off-by: George McCollister <george.mccollister@gmail.com>
		
			
				
	
	
		
			307 lines
		
	
	
		
			9.4 KiB
		
	
	
	
		
			C
		
	
	
	
	
	
			
		
		
	
	
			307 lines
		
	
	
		
			9.4 KiB
		
	
	
	
		
			C
		
	
	
	
	
	
| /*
 | |
|  * (C) Copyright 2013
 | |
|  *
 | |
|  * Written by Guilherme Maciel Ferreira <guilherme.maciel.ferreira@gmail.com>
 | |
|  *
 | |
|  * SPDX-License-Identifier:	GPL-2.0+
 | |
|  */
 | |
| 
 | |
| #ifndef _IMAGETOOL_H_
 | |
| #define _IMAGETOOL_H_
 | |
| 
 | |
| #include "os_support.h"
 | |
| #include <errno.h>
 | |
| #include <fcntl.h>
 | |
| #include <stdio.h>
 | |
| #include <stdlib.h>
 | |
| #include <string.h>
 | |
| #include <sys/stat.h>
 | |
| #include <sys/types.h>
 | |
| #include <time.h>
 | |
| #include <unistd.h>
 | |
| #include <u-boot/sha1.h>
 | |
| 
 | |
| #include "fdt_host.h"
 | |
| 
 | |
| #define ARRAY_SIZE(x)		(sizeof(x) / sizeof((x)[0]))
 | |
| 
 | |
| #define IH_ARCH_DEFAULT		IH_ARCH_INVALID
 | |
| 
 | |
| /* Information about a file that needs to be placed into the FIT */
 | |
| struct content_info {
 | |
| 	struct content_info *next;
 | |
| 	int type;		/* File type (IH_TYPE_...) */
 | |
| 	const char *fname;
 | |
| };
 | |
| 
 | |
| /*
 | |
|  * This structure defines all such variables those are initialized by
 | |
|  * mkimage and dumpimage main core and need to be referred by image
 | |
|  * type specific functions
 | |
|  */
 | |
| struct image_tool_params {
 | |
| 	int dflag;
 | |
| 	int eflag;
 | |
| 	int fflag;
 | |
| 	int iflag;
 | |
| 	int lflag;
 | |
| 	int pflag;
 | |
| 	int vflag;
 | |
| 	int xflag;
 | |
| 	int skipcpy;
 | |
| 	int os;
 | |
| 	int arch;
 | |
| 	int type;
 | |
| 	int comp;
 | |
| 	char *dtc;
 | |
| 	unsigned int addr;
 | |
| 	unsigned int ep;
 | |
| 	char *imagename;
 | |
| 	char *imagename2;
 | |
| 	char *datafile;
 | |
| 	char *imagefile;
 | |
| 	char *cmdname;
 | |
| 	const char *outfile;	/* Output filename */
 | |
| 	const char *keydir;	/* Directory holding private keys */
 | |
| 	const char *keydest;	/* Destination .dtb for public key */
 | |
| 	const char *comment;	/* Comment to add to signature node */
 | |
| 	int require_keys;	/* 1 to mark signing keys as 'required' */
 | |
| 	int file_size;		/* Total size of output file */
 | |
| 	int orig_file_size;	/* Original size for file before padding */
 | |
| 	bool auto_its;		/* Automatically create the .its file */
 | |
| 	int fit_image_type;	/* Image type to put into the FIT */
 | |
| 	char *fit_ramdisk;	/* Ramdisk file to include */
 | |
| 	struct content_info *content_head;	/* List of files to include */
 | |
| 	struct content_info *content_tail;
 | |
| 	bool external_data;	/* Store data outside the FIT */
 | |
| 	bool quiet;		/* Don't output text in normal operation */
 | |
| 	unsigned int external_offset;	/* Add padding to external data */
 | |
| 	const char *engine_id;	/* Engine to use for signing */
 | |
| };
 | |
| 
 | |
| /*
 | |
|  * image type specific variables and callback functions
 | |
|  */
 | |
| struct image_type_params {
 | |
| 	/* name is an identification tag string for added support */
 | |
| 	char *name;
 | |
| 	/*
 | |
| 	 * header size is local to the specific image type to be supported,
 | |
| 	 * mkimage core treats this as number of bytes
 | |
| 	 */
 | |
| 	uint32_t header_size;
 | |
| 	/* Image type header pointer */
 | |
| 	void *hdr;
 | |
| 	/*
 | |
| 	 * There are several arguments that are passed on the command line
 | |
| 	 * and are registered as flags in image_tool_params structure.
 | |
| 	 * This callback function can be used to check the passed arguments
 | |
| 	 * are in-lined with the image type to be supported
 | |
| 	 *
 | |
| 	 * Returns 1 if parameter check is successful
 | |
| 	 */
 | |
| 	int (*check_params) (struct image_tool_params *);
 | |
| 	/*
 | |
| 	 * This function is used by list command (i.e. mkimage -l <filename>)
 | |
| 	 * image type verification code must be put here
 | |
| 	 *
 | |
| 	 * Returns 0 if image header verification is successful
 | |
| 	 * otherwise, returns respective negative error codes
 | |
| 	 */
 | |
| 	int (*verify_header) (unsigned char *, int, struct image_tool_params *);
 | |
| 	/* Prints image information abstracting from image header */
 | |
| 	void (*print_header) (const void *);
 | |
| 	/*
 | |
| 	 * The header or image contents need to be set as per image type to
 | |
| 	 * be generated using this callback function.
 | |
| 	 * further output file post processing (for ex. checksum calculation,
 | |
| 	 * padding bytes etc..) can also be done in this callback function.
 | |
| 	 */
 | |
| 	void (*set_header) (void *, struct stat *, int,
 | |
| 					struct image_tool_params *);
 | |
| 	/*
 | |
| 	 * This function is used by the command to retrieve a component
 | |
| 	 * (sub-image) from the image (i.e. dumpimage -i <image> -p <position>
 | |
| 	 * <sub-image-name>).
 | |
| 	 * Thus the code to extract a file from an image must be put here.
 | |
| 	 *
 | |
| 	 * Returns 0 if the file was successfully retrieved from the image,
 | |
| 	 * or a negative value on error.
 | |
| 	 */
 | |
| 	int (*extract_subimage)(void *, struct image_tool_params *);
 | |
| 	/*
 | |
| 	 * Some image generation support for ex (default image type) supports
 | |
| 	 * more than one type_ids, this callback function is used to check
 | |
| 	 * whether input (-T <image_type>) is supported by registered image
 | |
| 	 * generation/list low level code
 | |
| 	 */
 | |
| 	int (*check_image_type) (uint8_t);
 | |
| 	/* This callback function will be executed if fflag is defined */
 | |
| 	int (*fflag_handle) (struct image_tool_params *);
 | |
| 	/*
 | |
| 	 * This callback function will be executed for variable size record
 | |
| 	 * It is expected to build this header in memory and return its length
 | |
| 	 * and a pointer to it by using image_type_params.header_size and
 | |
| 	 * image_type_params.hdr. The return value shall indicate if an
 | |
| 	 * additional padding should be used when copying the data image
 | |
| 	 * by returning the padding length.
 | |
| 	 */
 | |
| 	int (*vrec_header) (struct image_tool_params *,
 | |
| 		struct image_type_params *);
 | |
| };
 | |
| 
 | |
| /**
 | |
|  * imagetool_get_type() - find the image type params for a given image type
 | |
|  *
 | |
|  * It scans all registers image type supports
 | |
|  * checks the input type for each supported image type
 | |
|  *
 | |
|  * if successful,
 | |
|  *     returns respective image_type_params pointer if success
 | |
|  * if input type_id is not supported by any of image_type_support
 | |
|  *     returns NULL
 | |
|  */
 | |
| struct image_type_params *imagetool_get_type(int type);
 | |
| 
 | |
| /*
 | |
|  * imagetool_verify_print_header() - verifies the image header
 | |
|  *
 | |
|  * Scan registered image types and verify the image_header for each
 | |
|  * supported image type. If verification is successful, this prints
 | |
|  * the respective header.
 | |
|  *
 | |
|  * @return 0 on success, negative if input image format does not match with
 | |
|  * any of supported image types
 | |
|  */
 | |
| int imagetool_verify_print_header(
 | |
| 	void *ptr,
 | |
| 	struct stat *sbuf,
 | |
| 	struct image_type_params *tparams,
 | |
| 	struct image_tool_params *params);
 | |
| 
 | |
| /**
 | |
|  * imagetool_save_subimage - store data into a file
 | |
|  * @file_name: name of the destination file
 | |
|  * @file_data: data to be written
 | |
|  * @file_len: the amount of data to store
 | |
|  *
 | |
|  * imagetool_save_subimage() store file_len bytes of data pointed by file_data
 | |
|  * into the file name by file_name.
 | |
|  *
 | |
|  * returns:
 | |
|  *     zero in case of success or a negative value if fail.
 | |
|  */
 | |
| int imagetool_save_subimage(
 | |
| 	const char *file_name,
 | |
| 	ulong file_data,
 | |
| 	ulong file_len);
 | |
| 
 | |
| /**
 | |
|  * imagetool_get_filesize() - Utility function to obtain the size of a file
 | |
|  *
 | |
|  * This function prints a message if an error occurs, showing the error that
 | |
|  * was obtained.
 | |
|  *
 | |
|  * @params:	mkimage parameters
 | |
|  * @fname:	filename to check
 | |
|  * @return size of file, or -ve value on error
 | |
|  */
 | |
| int imagetool_get_filesize(struct image_tool_params *params, const char *fname);
 | |
| 
 | |
| /**
 | |
|  * imagetool_get_source_date() - Get timestamp for build output.
 | |
|  *
 | |
|  * Gets a timestamp for embedding it in a build output. If set
 | |
|  * SOURCE_DATE_EPOCH is used. Else the given fallback value is returned. Prints
 | |
|  * an error message if SOURCE_DATE_EPOCH contains an invalid value and returns
 | |
|  * 0.
 | |
|  *
 | |
|  * @params:	mkimage parameters
 | |
|  * @fallback:	timestamp to use if SOURCE_DATE_EPOCH isn't set
 | |
|  * @return timestamp based on SOURCE_DATE_EPOCH
 | |
|  */
 | |
| time_t imagetool_get_source_date(
 | |
| 	struct image_tool_params *params,
 | |
| 	time_t fallback);
 | |
| 
 | |
| /*
 | |
|  * There is a c file associated with supported image type low level code
 | |
|  * for ex. default_image.c, fit_image.c
 | |
|  */
 | |
| 
 | |
| 
 | |
| void pbl_load_uboot(int fd, struct image_tool_params *mparams);
 | |
| 
 | |
| #define ___cat(a, b) a ## b
 | |
| #define __cat(a, b) ___cat(a, b)
 | |
| 
 | |
| /* we need some special handling for this host tool running eventually on
 | |
|  * Darwin. The Mach-O section handling is a bit different than ELF section
 | |
|  * handling. The differnces in detail are:
 | |
|  *  a) we have segments which have sections
 | |
|  *  b) we need a API call to get the respective section symbols */
 | |
| #if defined(__MACH__)
 | |
| #include <mach-o/getsect.h>
 | |
| 
 | |
| #define INIT_SECTION(name)  do {					\
 | |
| 		unsigned long name ## _len;				\
 | |
| 		char *__cat(pstart_, name) = getsectdata("__TEXT",	\
 | |
| 			#name, &__cat(name, _len));			\
 | |
| 		char *__cat(pstop_, name) = __cat(pstart_, name) +	\
 | |
| 			__cat(name, _len);				\
 | |
| 		__cat(__start_, name) = (void *)__cat(pstart_, name);	\
 | |
| 		__cat(__stop_, name) = (void *)__cat(pstop_, name);	\
 | |
| 	} while (0)
 | |
| #define SECTION(name)   __attribute__((section("__TEXT, " #name)))
 | |
| 
 | |
| struct image_type_params **__start_image_type, **__stop_image_type;
 | |
| #else
 | |
| #define INIT_SECTION(name) /* no-op for ELF */
 | |
| #define SECTION(name)   __attribute__((section(#name)))
 | |
| 
 | |
| /* We construct a table of pointers in an ELF section (pointers generally
 | |
|  * go unpadded by gcc).  ld creates boundary syms for us. */
 | |
| extern struct image_type_params *__start_image_type[], *__stop_image_type[];
 | |
| #endif /* __MACH__ */
 | |
| 
 | |
| #if !defined(__used)
 | |
| # if __GNUC__ == 3 && __GNUC_MINOR__ < 3
 | |
| #  define __used			__attribute__((__unused__))
 | |
| # else
 | |
| #  define __used			__attribute__((__used__))
 | |
| # endif
 | |
| #endif
 | |
| 
 | |
| #define U_BOOT_IMAGE_TYPE( \
 | |
| 		_id, \
 | |
| 		_name, \
 | |
| 		_header_size, \
 | |
| 		_header, \
 | |
| 		_check_params, \
 | |
| 		_verify_header, \
 | |
| 		_print_header, \
 | |
| 		_set_header, \
 | |
| 		_extract_subimage, \
 | |
| 		_check_image_type, \
 | |
| 		_fflag_handle, \
 | |
| 		_vrec_header \
 | |
| 	) \
 | |
| 	static struct image_type_params __cat(image_type_, _id) = \
 | |
| 	{ \
 | |
| 		.name = _name, \
 | |
| 		.header_size = _header_size, \
 | |
| 		.hdr = _header, \
 | |
| 		.check_params = _check_params, \
 | |
| 		.verify_header = _verify_header, \
 | |
| 		.print_header = _print_header, \
 | |
| 		.set_header = _set_header, \
 | |
| 		.extract_subimage = _extract_subimage, \
 | |
| 		.check_image_type = _check_image_type, \
 | |
| 		.fflag_handle = _fflag_handle, \
 | |
| 		.vrec_header = _vrec_header \
 | |
| 	}; \
 | |
| 	static struct image_type_params *SECTION(image_type) __used \
 | |
| 		__cat(image_type_ptr_, _id) = &__cat(image_type_, _id)
 | |
| 
 | |
| #endif /* _IMAGETOOL_H_ */
 |