diff options
Diffstat (limited to 'tools')
| -rw-r--r-- | tools/Makefile | 2 | ||||
| -rw-r--r-- | tools/env/fw_env.c | 2 | ||||
| -rw-r--r-- | tools/image-host.c | 152 | ||||
| -rw-r--r-- | tools/mkeficapsule.c | 41 | ||||
| -rw-r--r-- | tools/mkimage.c | 11 |
5 files changed, 123 insertions, 85 deletions
diff --git a/tools/Makefile b/tools/Makefile index 9b1aa51b10a..2d550432ba5 100644 --- a/tools/Makefile +++ b/tools/Makefile @@ -155,7 +155,7 @@ HOSTCFLAGS_kwbimage.o += -DCONFIG_KWB_SECURE endif # MXSImage needs LibSSL -ifneq ($(CONFIG_MX23)$(CONFIG_MX28)$(CONFIG_ARMADA_38X)$(CONFIG_ARMADA_39X)$(CONFIG_FIT_SIGNATURE),) +ifneq ($(CONFIG_MX23)$(CONFIG_MX28)$(CONFIG_ARMADA_38X)$(CONFIG_ARMADA_39X)$(CONFIG_FIT_SIGNATURE)$(CONFIG_FIT_CIPHER),) HOSTCFLAGS_kwbimage.o += \ $(shell pkg-config --cflags libssl libcrypto 2> /dev/null || echo "") HOSTLDLIBS_mkimage += \ diff --git a/tools/env/fw_env.c b/tools/env/fw_env.c index 66cb9d2a25e..2a61a5d6f04 100644 --- a/tools/env/fw_env.c +++ b/tools/env/fw_env.c @@ -1208,7 +1208,7 @@ static int flash_write(int fd_current, int fd_target, int dev_target) if (IS_UBI(dev_target)) { if (ubi_update_start(fd_target, CUR_ENVSIZE) < 0) - return 0; + return -1; return ubi_write(fd_target, environment.image, CUR_ENVSIZE); } diff --git a/tools/image-host.c b/tools/image-host.c index e32cc642579..33a224129a0 100644 --- a/tools/image-host.c +++ b/tools/image-host.c @@ -700,13 +700,84 @@ static const char *fit_config_get_image_list(void *fit, int noffset, return default_list; } +static int fit_config_add_hash(void *fit, const char *conf_name, const char *sig_name, + struct strlist *node_inc, const char *iname, int image_noffset) +{ + char name[200], path[200]; + int noffset; + int hash_count; + int ret; + + ret = fdt_get_path(fit, image_noffset, path, sizeof(path)); + if (ret < 0) + goto err_path; + if (strlist_add(node_inc, path)) + goto err_mem; + + snprintf(name, sizeof(name), "%s/%s", FIT_CONFS_PATH, + conf_name); + + /* Add all this image's hashes */ + hash_count = 0; + for (noffset = fdt_first_subnode(fit, image_noffset); + noffset >= 0; + noffset = fdt_next_subnode(fit, noffset)) { + const char *name = fit_get_name(fit, noffset, NULL); + + if (strncmp(name, FIT_HASH_NODENAME, + strlen(FIT_HASH_NODENAME))) + continue; + ret = fdt_get_path(fit, noffset, path, sizeof(path)); + if (ret < 0) + goto err_path; + if (strlist_add(node_inc, path)) + goto err_mem; + hash_count++; + } + + if (!hash_count) { + printf("Failed to find any hash nodes in configuration '%s/%s' image '%s' - without these it is not possible to verify this image\n", + conf_name, sig_name, iname); + return -ENOMSG; + } + + /* Add this image's cipher node if present */ + noffset = fdt_subnode_offset(fit, image_noffset, + FIT_CIPHER_NODENAME); + if (noffset != -FDT_ERR_NOTFOUND) { + if (noffset < 0) { + printf("Failed to get cipher node in configuration '%s/%s' image '%s': %s\n", + conf_name, sig_name, iname, + fdt_strerror(noffset)); + return -EIO; + } + ret = fdt_get_path(fit, noffset, path, sizeof(path)); + if (ret < 0) + goto err_path; + if (strlist_add(node_inc, path)) + goto err_mem; + } + + return 0; + +err_mem: + printf("Out of memory processing configuration '%s/%s'\n", conf_name, + sig_name); + return -ENOMEM; + +err_path: + printf("Failed to get path for image '%s' in configuration '%s/%s': %s\n", + iname, conf_name, sig_name, fdt_strerror(ret)); + return -ENOENT; +} + static int fit_config_get_hash_list(void *fit, int conf_noffset, int sig_offset, struct strlist *node_inc) { int allow_missing; const char *prop, *iname, *end; const char *conf_name, *sig_name; - char name[200], path[200]; + char name[200]; int image_count; int ret, len; @@ -733,72 +804,32 @@ static int fit_config_get_hash_list(void *fit, int conf_noffset, end = prop + len; image_count = 0; for (iname = prop; iname < end; iname += strlen(iname) + 1) { - int noffset; int image_noffset; - int hash_count; + int index, max_index; - image_noffset = fit_conf_get_prop_node(fit, conf_noffset, - iname); - if (image_noffset < 0) { - printf("Failed to find image '%s' in configuration '%s/%s'\n", - iname, conf_name, sig_name); - if (allow_missing) - continue; + max_index = fdt_stringlist_count(fit, conf_noffset, iname); - return -ENOENT; - } - - ret = fdt_get_path(fit, image_noffset, path, sizeof(path)); - if (ret < 0) - goto err_path; - if (strlist_add(node_inc, path)) - goto err_mem; + for (index = 0; index < max_index; index++) { + image_noffset = fit_conf_get_prop_node_index(fit, conf_noffset, + iname, index); - snprintf(name, sizeof(name), "%s/%s", FIT_CONFS_PATH, - conf_name); + if (image_noffset < 0) { + printf("Failed to find image '%s' in configuration '%s/%s'\n", + iname, conf_name, sig_name); + if (allow_missing) + continue; - /* Add all this image's hashes */ - hash_count = 0; - for (noffset = fdt_first_subnode(fit, image_noffset); - noffset >= 0; - noffset = fdt_next_subnode(fit, noffset)) { - const char *name = fit_get_name(fit, noffset, NULL); + return -ENOENT; + } - if (strncmp(name, FIT_HASH_NODENAME, - strlen(FIT_HASH_NODENAME))) - continue; - ret = fdt_get_path(fit, noffset, path, sizeof(path)); + ret = fit_config_add_hash(fit, conf_name, + sig_name, node_inc, + iname, image_noffset); if (ret < 0) - goto err_path; - if (strlist_add(node_inc, path)) - goto err_mem; - hash_count++; - } + return ret; - if (!hash_count) { - printf("Failed to find any hash nodes in configuration '%s/%s' image '%s' - without these it is not possible to verify this image\n", - conf_name, sig_name, iname); - return -ENOMSG; + image_count++; } - - /* Add this image's cipher node if present */ - noffset = fdt_subnode_offset(fit, image_noffset, - FIT_CIPHER_NODENAME); - if (noffset != -FDT_ERR_NOTFOUND) { - if (noffset < 0) { - printf("Failed to get cipher node in configuration '%s/%s' image '%s': %s\n", - conf_name, sig_name, iname, - fdt_strerror(noffset)); - return -EIO; - } - ret = fdt_get_path(fit, noffset, path, sizeof(path)); - if (ret < 0) - goto err_path; - if (strlist_add(node_inc, path)) - goto err_mem; - } - - image_count++; } if (!image_count) { @@ -813,11 +844,6 @@ err_mem: printf("Out of memory processing configuration '%s/%s'\n", conf_name, sig_name); return -ENOMEM; - -err_path: - printf("Failed to get path for image '%s' in configuration '%s/%s': %s\n", - iname, conf_name, sig_name, fdt_strerror(ret)); - return -ENOENT; } static int fit_config_get_data(void *fit, int conf_noffset, int noffset, diff --git a/tools/mkeficapsule.c b/tools/mkeficapsule.c index 270943fc90a..162494907a8 100644 --- a/tools/mkeficapsule.c +++ b/tools/mkeficapsule.c @@ -137,8 +137,8 @@ static int add_public_key(const char *pkey_file, const char *dtb_file, bool overlay) { int ret; - int srcfd = 0; - int destfd = 0; + int srcfd = -1; + int destfd = -1; void *sptr = NULL; void *dptr = NULL; off_t src_size; @@ -150,6 +150,7 @@ static int add_public_key(const char *pkey_file, const char *dtb_file, if (srcfd == -1) { fprintf(stderr, "%s: Can't open %s: %s\n", __func__, pkey_file, strerror(errno)); + ret = -1; goto err; } @@ -157,6 +158,7 @@ static int add_public_key(const char *pkey_file, const char *dtb_file, if (ret == -1) { fprintf(stderr, "%s: Can't stat %s: %s\n", __func__, pkey_file, strerror(errno)); + ret = -1; goto err; } @@ -164,9 +166,10 @@ static int add_public_key(const char *pkey_file, const char *dtb_file, /* mmap the public key esl file */ sptr = mmap(0, src_size, PROT_READ, MAP_SHARED, srcfd, 0); - if ((sptr == MAP_FAILED) || (errno != 0)) { + if (sptr == MAP_FAILED) { fprintf(stderr, "%s: Failed to mmap %s:%s\n", __func__, pkey_file, strerror(errno)); + ret = -1; goto err; } @@ -175,6 +178,7 @@ static int add_public_key(const char *pkey_file, const char *dtb_file, if (destfd == -1) { fprintf(stderr, "%s: Can't open %s: %s\n", __func__, dtb_file, strerror(errno)); + ret = -1; goto err; } @@ -189,21 +193,24 @@ static int add_public_key(const char *pkey_file, const char *dtb_file, if (ftruncate(destfd, dtb.st_size)) { fprintf(stderr, "%s: Can't expand %s: %s\n", __func__, dtb_file, strerror(errno)); - goto err;; + ret = -1; + goto err; } errno = 0; /* mmap the dtb file */ dptr = mmap(0, dtb.st_size, PROT_READ | PROT_WRITE, MAP_SHARED, destfd, 0); - if ((dptr == MAP_FAILED) || (errno != 0)) { + if (dptr == MAP_FAILED) { fprintf(stderr, "%s: Failed to mmap %s:%s\n", __func__, dtb_file, strerror(errno)); + ret = -1; goto err; } if (fdt_check_header(dptr)) { fprintf(stderr, "%s: Invalid FDT header\n", __func__); + ret = -1; goto err; } @@ -211,6 +218,7 @@ static int add_public_key(const char *pkey_file, const char *dtb_file, if (ret) { fprintf(stderr, "%s: Cannot expand FDT: %s\n", __func__, fdt_strerror(ret)); + ret = -1; goto err; } @@ -219,10 +227,11 @@ static int add_public_key(const char *pkey_file, const char *dtb_file, if (ret < 0) { fprintf(stderr, "%s: Unable to add public key to the FDT\n", __func__); + ret = -1; goto err; } - return 0; + ret = 0; err: if (sptr) @@ -231,13 +240,13 @@ err: if (dptr) munmap(dptr, dtb.st_size); - if (srcfd >= 0) + if (srcfd != -1) close(srcfd); - if (destfd >= 0) + if (destfd != -1) close(destfd); - return -1; + return ret; } static int create_fwbin(char *path, char *bin, efi_guid_t *guid, @@ -310,6 +319,9 @@ static int create_fwbin(char *path, char *bin, efi_guid_t *guid, image.version = 0x00000003; memcpy(&image.update_image_type_id, guid, sizeof(*guid)); image.update_image_index = index; + image.reserved[0] = 0; + image.reserved[1] = 0; + image.reserved[2] = 0; image.update_image_size = bin_stat.st_size; image.update_vendor_code_size = 0; /* none */ image.update_hardware_instance = instance; @@ -421,26 +433,25 @@ int main(int argc, char **argv) /* need a fit image file or raw image file */ if (!file && !pkey_file && !dtb_file) { - printf("%s: %d\n", __func__, __LINE__); print_usage(); - return -1; + exit(EXIT_FAILURE); } if (pkey_file && dtb_file) { ret = add_public_key(pkey_file, dtb_file, overlay); if (ret == -1) { printf("Adding public key to the dtb failed\n"); - return -1; + exit(EXIT_FAILURE); } else { - return 0; + exit(EXIT_SUCCESS); } } if (create_fwbin(argv[optind], file, guid, index, instance) < 0) { printf("Creating firmware capsule failed\n"); - return -1; + exit(EXIT_FAILURE); } - return 0; + exit(EXIT_SUCCESS); } diff --git a/tools/mkimage.c b/tools/mkimage.c index e78608293e7..68d5206cb4f 100644 --- a/tools/mkimage.c +++ b/tools/mkimage.c @@ -94,18 +94,18 @@ static void usage(const char *msg) " -x ==> set XIP (execute in place)\n", params.cmdname); fprintf(stderr, - " %s [-D dtc_options] [-f fit-image.its|-f auto|-F] [-b <dtb> [-b <dtb>]] [-i <ramdisk.cpio.gz>] fit-image\n" + " %s [-D dtc_options] [-f fit-image.its|-f auto|-F] [-b <dtb> [-b <dtb>]] [-E] [-B size] [-i <ramdisk.cpio.gz>] fit-image\n" " <dtb> file is used with -f auto, it may occur multiple times.\n", params.cmdname); fprintf(stderr, " -D => set all options for device tree compiler\n" " -f => input filename for FIT source\n" - " -i => input filename for ramdisk file\n"); + " -i => input filename for ramdisk file\n" + " -E => place data outside of the FIT structure\n" + " -B => align size in hex for FIT structure and header\n"); #ifdef CONFIG_FIT_SIGNATURE fprintf(stderr, - "Signing / verified boot options: [-E] [-B size] [-k keydir] [-K dtb] [ -c <comment>] [-p addr] [-r] [-N engine]\n" - " -E => place data outside of the FIT structure\n" - " -B => align size in hex for FIT structure and header\n" + "Signing / verified boot options: [-k keydir] [-K dtb] [ -c <comment>] [-p addr] [-r] [-N engine]\n" " -k => set directory containing private keys\n" " -K => write public keys to this .dtb file\n" " -c => add comment in signature node\n" @@ -142,6 +142,7 @@ static int add_content(int type, const char *fname) return 0; } +#define OPT_STRING "a:A:b:B:c:C:d:D:e:Ef:Fk:i:K:ln:N:p:O:rR:qstT:vVx" static void process_args(int argc, char **argv) { char *ptr; |