summaryrefslogtreecommitdiff
path: root/common
diff options
context:
space:
mode:
Diffstat (limited to 'common')
-rw-r--r--common/Kconfig1
-rw-r--r--common/bootm.c6
-rw-r--r--common/image-cipher.c2
-rw-r--r--common/image-fit-sig.c49
-rw-r--r--common/image-fit.c29
-rw-r--r--common/spl/spl_fit.c4
6 files changed, 53 insertions, 38 deletions
diff --git a/common/Kconfig b/common/Kconfig
index a2a9b8deed..3072651082 100644
--- a/common/Kconfig
+++ b/common/Kconfig
@@ -568,6 +568,7 @@ config PRE_CON_BUF_ADDR
default 0x2f000000 if ARCH_SUNXI && MACH_SUN9I
default 0x4f000000 if ARCH_SUNXI && !MACH_SUN9I
default 0x0f000000 if ROCKCHIP_RK3288
+ default 0x0f200000 if ROCKCHIP_RK3399
help
This sets the start address of the pre-console buffer. This must
be in available memory and is accessed before relocation and
diff --git a/common/bootm.c b/common/bootm.c
index 902c13880d..db4362a643 100644
--- a/common/bootm.c
+++ b/common/bootm.c
@@ -819,7 +819,8 @@ void __weak switch_to_non_secure_mode(void)
#else /* USE_HOSTCC */
#if defined(CONFIG_FIT_SIGNATURE)
-static int bootm_host_load_image(const void *fit, int req_image_type)
+static int bootm_host_load_image(const void *fit, int req_image_type,
+ int cfg_noffset)
{
const char *fit_uname_config = NULL;
ulong data, len;
@@ -831,6 +832,7 @@ static int bootm_host_load_image(const void *fit, int req_image_type)
void *load_buf;
int ret;
+ fit_uname_config = fdt_get_name(fit, cfg_noffset, NULL);
memset(&images, '\0', sizeof(images));
images.verify = 1;
noffset = fit_image_load(&images, (ulong)fit,
@@ -878,7 +880,7 @@ int bootm_host_load_images(const void *fit, int cfg_noffset)
for (i = 0; i < ARRAY_SIZE(image_types); i++) {
int ret;
- ret = bootm_host_load_image(fit, image_types[i]);
+ ret = bootm_host_load_image(fit, image_types[i], cfg_noffset);
if (!err && ret && ret != -ENOENT)
err = ret;
}
diff --git a/common/image-cipher.c b/common/image-cipher.c
index cee3b03ee5..f50c3d31bd 100644
--- a/common/image-cipher.c
+++ b/common/image-cipher.c
@@ -88,7 +88,7 @@ static int fit_image_setup_decrypt(struct image_cipher_info *info,
return -1;
}
- info->keyname = fdt_getprop(fit, cipher_noffset, "key-name-hint", NULL);
+ info->keyname = fdt_getprop(fit, cipher_noffset, FIT_KEY_HINT, NULL);
if (!info->keyname) {
printf("Can't get key name\n");
return -1;
diff --git a/common/image-fit-sig.c b/common/image-fit-sig.c
index f6caeb0c59..490566ca90 100644
--- a/common/image-fit-sig.c
+++ b/common/image-fit-sig.c
@@ -98,7 +98,7 @@ static int fit_image_setup_verify(struct image_sign_info *info,
padding_name = RSA_DEFAULT_PADDING_NAME;
memset(info, '\0', sizeof(*info));
- info->keyname = fdt_getprop(fit, noffset, "key-name-hint", NULL);
+ info->keyname = fdt_getprop(fit, noffset, FIT_KEY_HINT, NULL);
info->fit = (void *)fit;
info->node_offset = noffset;
info->name = algo_name;
@@ -209,7 +209,8 @@ int fit_image_verify_required_sigs(const void *fit, int image_noffset,
const char *required;
int ret;
- required = fdt_getprop(sig_blob, noffset, "required", NULL);
+ required = fdt_getprop(sig_blob, noffset, FIT_KEY_REQUIRED,
+ NULL);
if (!required || strcmp(required, "image"))
continue;
ret = fit_image_verify_sig(fit, image_noffset, data, size,
@@ -228,20 +229,39 @@ int fit_image_verify_required_sigs(const void *fit, int image_noffset,
return 0;
}
-int fit_config_check_sig(const void *fit, int noffset, int required_keynode,
- char **err_msgp)
+/**
+ * fit_config_check_sig() - Check the signature of a config
+ *
+ * @fit: FIT to check
+ * @noffset: Offset of configuration node (e.g. /configurations/conf-1)
+ * @required_keynode: Offset in the control FDT of the required key node,
+ * if any. If this is given, then the configuration wil not
+ * pass verification unless that key is used. If this is
+ * -1 then any signature will do.
+ * @conf_noffset: Offset of the configuration subnode being checked (e.g.
+ * /configurations/conf-1/kernel)
+ * @err_msgp: In the event of an error, this will be pointed to a
+ * help error string to display to the user.
+ * @return 0 if all verified ok, <0 on error
+ */
+static int fit_config_check_sig(const void *fit, int noffset,
+ int required_keynode, int conf_noffset,
+ char **err_msgp)
{
char * const exc_prop[] = {"data"};
const char *prop, *end, *name;
struct image_sign_info info;
const uint32_t *strings;
+ const char *config_name;
uint8_t *fit_value;
int fit_value_len;
+ bool found_config;
int max_regions;
int i, prop_len;
char path[200];
int count;
+ config_name = fit_get_name(fit, conf_noffset, NULL);
debug("%s: fdt=%p, conf='%s', sig='%s'\n", __func__, gd_fdt_blob(),
fit_get_name(fit, noffset, NULL),
fit_get_name(gd_fdt_blob(), required_keynode, NULL));
@@ -282,9 +302,20 @@ int fit_config_check_sig(const void *fit, int noffset, int required_keynode,
char *node_inc[count];
debug("Hash nodes (%d):\n", count);
+ found_config = false;
for (name = prop, i = 0; name < end; name += strlen(name) + 1, i++) {
debug(" '%s'\n", name);
node_inc[i] = (char *)name;
+ if (!strncmp(FIT_CONFS_PATH, name, strlen(FIT_CONFS_PATH)) &&
+ name[sizeof(FIT_CONFS_PATH) - 1] == '/' &&
+ !strcmp(name + sizeof(FIT_CONFS_PATH), config_name)) {
+ debug(" (found config node %s)", config_name);
+ found_config = true;
+ }
+ }
+ if (!found_config) {
+ *err_msgp = "Selected config not in hashed nodes";
+ return -1;
}
/*
@@ -352,7 +383,7 @@ static int fit_config_verify_sig(const void *fit, int conf_noffset,
if (!strncmp(name, FIT_SIG_NODENAME,
strlen(FIT_SIG_NODENAME))) {
ret = fit_config_check_sig(fit, noffset, sig_offset,
- &err_msg);
+ conf_noffset, &err_msg);
if (ret) {
puts("- ");
} else {
@@ -368,13 +399,14 @@ static int fit_config_verify_sig(const void *fit, int conf_noffset,
goto error;
}
- return verified ? 0 : -EPERM;
+ if (verified)
+ return 0;
error:
printf(" error!\n%s for '%s' hash node in '%s' config node\n",
err_msg, fit_get_name(fit, noffset, NULL),
fit_get_name(fit, conf_noffset, NULL));
- return -1;
+ return -EPERM;
}
int fit_config_verify_required_sigs(const void *fit, int conf_noffset,
@@ -395,7 +427,8 @@ int fit_config_verify_required_sigs(const void *fit, int conf_noffset,
const char *required;
int ret;
- required = fdt_getprop(sig_blob, noffset, "required", NULL);
+ required = fdt_getprop(sig_blob, noffset, FIT_KEY_REQUIRED,
+ NULL);
if (!required || strcmp(required, "conf"))
continue;
ret = fit_config_verify_sig(fit, conf_noffset, sig_blob,
diff --git a/common/image-fit.c b/common/image-fit.c
index 6fc2799b14..368b73088a 100644
--- a/common/image-fit.c
+++ b/common/image-fit.c
@@ -168,7 +168,7 @@ static void fit_image_print_data(const void *fit, int noffset, const char *p,
int value_len;
char *algo;
const char *padding;
- int required;
+ bool required;
int ret, i;
debug("%s %s node: '%s'\n", p, type,
@@ -179,8 +179,8 @@ static void fit_image_print_data(const void *fit, int noffset, const char *p,
return;
}
printf("%s", algo);
- keyname = fdt_getprop(fit, noffset, "key-name-hint", NULL);
- required = fdt_getprop(fit, noffset, "required", NULL) != NULL;
+ keyname = fdt_getprop(fit, noffset, FIT_KEY_HINT, NULL);
+ required = fdt_getprop(fit, noffset, FIT_KEY_REQUIRED, NULL) != NULL;
if (keyname)
printf(":%s", keyname);
if (required)
@@ -1712,24 +1712,6 @@ int fit_conf_find_compat(const void *fit, const void *fdt)
return best_match_offset;
}
-/**
- * fit_conf_get_node - get node offset for configuration of a given unit name
- * @fit: pointer to the FIT format image header
- * @conf_uname: configuration node unit name
- *
- * fit_conf_get_node() finds a configuration (within the '/configurations'
- * parent node) of a provided unit name. If configuration is found its node
- * offset is returned to the caller.
- *
- * When NULL is provided in second argument fit_conf_get_node() will search
- * for a default configuration node instead. Default configuration node unit
- * name is retrieved from FIT_DEFAULT_PROP property of the '/configurations'
- * node.
- *
- * returns:
- * configuration node offset when found (>=0)
- * negative number on failure (FDT_ERR_* code)
- */
int fit_conf_get_node(const void *fit, const char *conf_uname)
{
int noffset, confs_noffset;
@@ -1969,7 +1951,7 @@ int fit_image_load(bootm_headers_t *images, ulong addr,
fit_uname = fit_get_name(fit, noffset, NULL);
}
if (noffset < 0) {
- puts("Could not find subimage node\n");
+ printf("Could not find subimage node type '%s'\n", prop_name);
bootstage_error(bootstage_id + BOOTSTAGE_SUB_SUBNODE);
return -ENOENT;
}
@@ -2007,7 +1989,8 @@ int fit_image_load(bootm_headers_t *images, ulong addr,
fit_image_check_os(fit, noffset, IH_OS_LINUX) ||
fit_image_check_os(fit, noffset, IH_OS_U_BOOT) ||
fit_image_check_os(fit, noffset, IH_OS_OPENRTOS) ||
- fit_image_check_os(fit, noffset, IH_OS_EFI);
+ fit_image_check_os(fit, noffset, IH_OS_EFI) ||
+ fit_image_check_os(fit, noffset, IH_OS_VXWORKS);
/*
* If either of the checks fail, we should report an error, but
diff --git a/common/spl/spl_fit.c b/common/spl/spl_fit.c
index aef1dbdd49..69dabd27f6 100644
--- a/common/spl/spl_fit.c
+++ b/common/spl/spl_fit.c
@@ -646,10 +646,6 @@ int spl_load_simple_fit(struct spl_image_info *spl_image,
if (!spl_fit_image_get_os(fit, node, &os_type))
debug("Loadable is %s\n", genimg_get_os_name(os_type));
-#if CONFIG_IS_ENABLED(FIT_IMAGE_TINY)
- else
- os_type = IH_OS_U_BOOT;
-#endif
if (os_type == IH_OS_U_BOOT) {
spl_fit_append_fdt(&image_info, info, sector,