2 * Freescale i.MX23/i.MX28 SB image generator
4 * Copyright (C) 2012-2013 Marek Vasut <marex@denx.de>
6 * SPDX-License-Identifier: GPL-2.0+
18 #include <openssl/evp.h>
20 #include "imagetool.h"
27 * |-Write to address command block
30 * |-ORR address with mask command block
32 * |-Write to address command block
36 #define SB_HAB_DCD_WRITE 0xccUL
37 #define SB_HAB_DCD_CHECK 0xcfUL
38 #define SB_HAB_DCD_NOOP 0xc0UL
39 #define SB_HAB_DCD_MASK_BIT (1 << 3)
40 #define SB_HAB_DCD_SET_BIT (1 << 4)
42 /* Addr.n = Value.n */
43 #define SB_DCD_WRITE \
44 (SB_HAB_DCD_WRITE << 24)
45 /* Addr.n &= ~Value.n */
47 ((SB_HAB_DCD_WRITE << 24) | SB_HAB_DCD_SET_BIT)
48 /* Addr.n |= Value.n */
50 ((SB_HAB_DCD_WRITE << 24) | SB_HAB_DCD_SET_BIT | SB_HAB_DCD_MASK_BIT)
51 /* (Addr.n & Value.n) == 0 */
52 #define SB_DCD_CHK_EQZ \
53 (SB_HAB_DCD_CHECK << 24)
54 /* (Addr.n & Value.n) == Value.n */
55 #define SB_DCD_CHK_EQ \
56 ((SB_HAB_DCD_CHECK << 24) | SB_HAB_DCD_SET_BIT)
57 /* (Addr.n & Value.n) != Value.n */
58 #define SB_DCD_CHK_NEQ \
59 ((SB_HAB_DCD_CHECK << 24) | SB_HAB_DCD_MASK_BIT)
60 /* (Addr.n & Value.n) != 0 */
61 #define SB_DCD_CHK_NEZ \
62 ((SB_HAB_DCD_CHECK << 24) | SB_HAB_DCD_SET_BIT | SB_HAB_DCD_MASK_BIT)
65 (SB_HAB_DCD_NOOP << 24)
68 struct sb_dcd_ctx
*dcd
;
74 /* Size of the whole DCD block. */
77 /* Pointer to previous DCD command block. */
78 uint32_t *prev_dcd_head
;
100 struct sb_cmd_ctx
*cmd
;
105 struct sb_command payload
;
106 struct sb_command c_payload
;
109 struct sb_section_ctx
{
115 struct sb_section_ctx
*sect
;
117 struct sb_cmd_ctx
*cmd_head
;
118 struct sb_cmd_ctx
*cmd_tail
;
120 struct sb_sections_header payload
;
123 struct sb_image_ctx
{
124 unsigned int in_section
:1;
125 unsigned int in_dcd
:1;
126 /* Image configuration */
127 unsigned int verbose_boot
:1;
128 unsigned int silent_dump
:1;
129 char *input_filename
;
130 char *output_filename
;
132 uint8_t image_key
[16];
134 /* Number of section in the image */
135 unsigned int sect_count
;
136 /* Bootable section */
137 unsigned int sect_boot
;
138 unsigned int sect_boot_found
:1;
140 struct sb_section_ctx
*sect_head
;
141 struct sb_section_ctx
*sect_tail
;
143 struct sb_dcd_ctx
*dcd_head
;
144 struct sb_dcd_ctx
*dcd_tail
;
146 EVP_CIPHER_CTX cipher_ctx
;
149 struct sb_key_dictionary_key sb_dict_key
;
151 struct sb_boot_image_header payload
;
155 * Instruction semantics:
159 * LOAD IVT address IVT_entry_point
160 * FILL address pattern length
161 * JUMP [HAB] address [r0_arg]
162 * CALL [HAB] address [r0_arg]
164 * For i.MX23, mode = USB/I2C/SPI1_FLASH/SPI2_FLASH/NAND_BCH
165 * JTAG/SPI3_EEPROM/SD_SSP0/SD_SSP1
166 * For i.MX28, mode = USB/I2C/SPI2_FLASH/SPI3_FLASH/NAND_BCH
167 * JTAG/SPI2_EEPROM/SD_SSP0/SD_SSP1
173 static int sb_aes_init(struct sb_image_ctx
*ictx
, uint8_t *iv
, int enc
)
175 EVP_CIPHER_CTX
*ctx
= &ictx
->cipher_ctx
;
178 /* If there is no init vector, init vector is all zeroes. */
180 iv
= ictx
->image_key
;
182 EVP_CIPHER_CTX_init(ctx
);
183 ret
= EVP_CipherInit(ctx
, EVP_aes_128_cbc(), ictx
->image_key
, iv
, enc
);
185 EVP_CIPHER_CTX_set_padding(ctx
, 0);
189 static int sb_aes_crypt(struct sb_image_ctx
*ictx
, uint8_t *in_data
,
190 uint8_t *out_data
, int in_len
)
192 EVP_CIPHER_CTX
*ctx
= &ictx
->cipher_ctx
;
196 outbuf
= malloc(in_len
);
199 memset(outbuf
, 0, sizeof(in_len
));
201 ret
= EVP_CipherUpdate(ctx
, outbuf
, &outlen
, in_data
, in_len
);
208 memcpy(out_data
, outbuf
, outlen
);
215 static int sb_aes_deinit(EVP_CIPHER_CTX
*ctx
)
217 return EVP_CIPHER_CTX_cleanup(ctx
);
220 static int sb_aes_reinit(struct sb_image_ctx
*ictx
, int enc
)
223 EVP_CIPHER_CTX
*ctx
= &ictx
->cipher_ctx
;
224 struct sb_boot_image_header
*sb_header
= &ictx
->payload
;
225 uint8_t *iv
= sb_header
->iv
;
227 ret
= sb_aes_deinit(ctx
);
230 return sb_aes_init(ictx
, iv
, enc
);
236 static uint32_t crc32(uint8_t *data
, uint32_t len
)
238 const uint32_t poly
= 0x04c11db7;
239 uint32_t crc32
= 0xffffffff;
240 unsigned int byte
, bit
;
242 for (byte
= 0; byte
< len
; byte
++) {
243 crc32
^= data
[byte
] << 24;
245 for (bit
= 8; bit
> 0; bit
--) {
246 if (crc32
& (1UL << 31))
247 crc32
= (crc32
<< 1) ^ poly
;
249 crc32
= (crc32
<< 1);
259 static void soprintf(struct sb_image_ctx
*ictx
, const char *fmt
, ...)
263 if (ictx
->silent_dump
)
267 vfprintf(stdout
, fmt
, ap
);
274 static time_t sb_get_timestamp(void)
276 struct tm time_2000
= {
277 .tm_yday
= 1, /* Jan. 1st */
278 .tm_year
= 100, /* 2000 */
280 time_t seconds_to_2000
= mktime(&time_2000
);
281 time_t seconds_to_now
= time(NULL
);
283 return seconds_to_now
- seconds_to_2000
;
286 static int sb_get_time(time_t time
, struct tm
*tm
)
288 struct tm time_2000
= {
289 .tm_yday
= 1, /* Jan. 1st */
290 .tm_year
= 0, /* 1900 */
292 const time_t seconds_to_2000
= mktime(&time_2000
);
293 const time_t seconds_to_now
= seconds_to_2000
+ time
;
295 ret
= gmtime_r(&seconds_to_now
, tm
);
296 return ret
? 0 : -EINVAL
;
299 static void sb_encrypt_sb_header(struct sb_image_ctx
*ictx
)
301 EVP_MD_CTX
*md_ctx
= &ictx
->md_ctx
;
302 struct sb_boot_image_header
*sb_header
= &ictx
->payload
;
303 uint8_t *sb_header_ptr
= (uint8_t *)sb_header
;
305 /* Encrypt the header, compute the digest. */
306 sb_aes_crypt(ictx
, sb_header_ptr
, NULL
, sizeof(*sb_header
));
307 EVP_DigestUpdate(md_ctx
, sb_header_ptr
, sizeof(*sb_header
));
310 static void sb_encrypt_sb_sections_header(struct sb_image_ctx
*ictx
)
312 EVP_MD_CTX
*md_ctx
= &ictx
->md_ctx
;
313 struct sb_section_ctx
*sctx
= ictx
->sect_head
;
314 struct sb_sections_header
*shdr
;
315 uint8_t *sb_sections_header_ptr
;
316 const int size
= sizeof(*shdr
);
319 shdr
= &sctx
->payload
;
320 sb_sections_header_ptr
= (uint8_t *)shdr
;
322 sb_aes_crypt(ictx
, sb_sections_header_ptr
,
323 ictx
->sb_dict_key
.cbc_mac
, size
);
324 EVP_DigestUpdate(md_ctx
, sb_sections_header_ptr
, size
);
330 static void sb_encrypt_key_dictionary_key(struct sb_image_ctx
*ictx
)
332 EVP_MD_CTX
*md_ctx
= &ictx
->md_ctx
;
334 sb_aes_crypt(ictx
, ictx
->image_key
, ictx
->sb_dict_key
.key
,
335 sizeof(ictx
->sb_dict_key
.key
));
336 EVP_DigestUpdate(md_ctx
, &ictx
->sb_dict_key
, sizeof(ictx
->sb_dict_key
));
339 static void sb_decrypt_key_dictionary_key(struct sb_image_ctx
*ictx
)
341 EVP_MD_CTX
*md_ctx
= &ictx
->md_ctx
;
343 EVP_DigestUpdate(md_ctx
, &ictx
->sb_dict_key
, sizeof(ictx
->sb_dict_key
));
344 sb_aes_crypt(ictx
, ictx
->sb_dict_key
.key
, ictx
->image_key
,
345 sizeof(ictx
->sb_dict_key
.key
));
348 static void sb_encrypt_tag(struct sb_image_ctx
*ictx
,
349 struct sb_cmd_ctx
*cctx
)
351 EVP_MD_CTX
*md_ctx
= &ictx
->md_ctx
;
352 struct sb_command
*cmd
= &cctx
->payload
;
354 sb_aes_crypt(ictx
, (uint8_t *)cmd
,
355 (uint8_t *)&cctx
->c_payload
, sizeof(*cmd
));
356 EVP_DigestUpdate(md_ctx
, &cctx
->c_payload
, sizeof(*cmd
));
359 static int sb_encrypt_image(struct sb_image_ctx
*ictx
)
361 /* Start image-wide crypto. */
362 EVP_MD_CTX_init(&ictx
->md_ctx
);
363 EVP_DigestInit(&ictx
->md_ctx
, EVP_sha1());
368 sb_aes_init(ictx
, NULL
, 1);
369 sb_encrypt_sb_header(ictx
);
372 * SB sections header.
374 sb_encrypt_sb_sections_header(ictx
);
379 sb_aes_reinit(ictx
, 1);
380 sb_encrypt_key_dictionary_key(ictx
);
385 struct sb_cmd_ctx
*cctx
;
386 struct sb_command
*ccmd
;
387 struct sb_section_ctx
*sctx
= ictx
->sect_head
;
390 cctx
= sctx
->cmd_head
;
392 sb_aes_reinit(ictx
, 1);
395 ccmd
= &cctx
->payload
;
397 sb_encrypt_tag(ictx
, cctx
);
399 if (ccmd
->header
.tag
== ROM_TAG_CMD
) {
400 sb_aes_reinit(ictx
, 1);
401 } else if (ccmd
->header
.tag
== ROM_LOAD_CMD
) {
402 sb_aes_crypt(ictx
, cctx
->data
, cctx
->data
,
404 EVP_DigestUpdate(&ictx
->md_ctx
, cctx
->data
,
415 * Dump the SHA1 of the whole image.
417 sb_aes_reinit(ictx
, 1);
419 EVP_DigestFinal(&ictx
->md_ctx
, ictx
->digest
, NULL
);
420 sb_aes_crypt(ictx
, ictx
->digest
, ictx
->digest
, sizeof(ictx
->digest
));
422 /* Stop the encryption session. */
423 sb_aes_deinit(&ictx
->cipher_ctx
);
428 static int sb_load_file(struct sb_cmd_ctx
*cctx
, char *filename
)
430 long real_size
, roundup_size
;
437 fprintf(stderr
, "ERR: Missing filename!\n");
441 fp
= fopen(filename
, "r");
445 ret
= fseek(fp
, 0, SEEK_END
);
449 real_size
= ftell(fp
);
453 ret
= fseek(fp
, 0, SEEK_SET
);
457 roundup_size
= roundup(real_size
, SB_BLOCK_SIZE
);
458 data
= calloc(1, roundup_size
);
462 size
= fread(data
, 1, real_size
, fp
);
463 if (size
!= (unsigned long)real_size
)
467 cctx
->length
= roundup_size
;
477 fprintf(stderr
, "ERR: Failed to load file \"%s\"\n", filename
);
481 static uint8_t sb_command_checksum(struct sb_command
*inst
)
483 uint8_t *inst_ptr
= (uint8_t *)inst
;
487 for (i
= 0; i
< sizeof(struct sb_command
); i
++)
493 static int sb_token_to_long(char *tok
, uint32_t *rid
)
498 if (tok
[0] != '0' || tok
[1] != 'x') {
499 fprintf(stderr
, "ERR: Invalid hexadecimal number!\n");
506 id
= strtoul(tok
, &endptr
, 16);
507 if ((errno
== ERANGE
&& id
== ULONG_MAX
) || (errno
!= 0 && id
== 0)) {
508 fprintf(stderr
, "ERR: Value can't be decoded!\n");
512 /* Check for 32-bit overflow. */
513 if (id
> 0xffffffff) {
514 fprintf(stderr
, "ERR: Value too big!\n");
519 fprintf(stderr
, "ERR: Deformed value!\n");
527 static int sb_grow_dcd(struct sb_dcd_ctx
*dctx
, unsigned int inc_size
)
534 dctx
->size
+= inc_size
;
535 tmp
= realloc(dctx
->payload
, dctx
->size
);
541 /* Assemble and update the HAB DCD header. */
542 dctx
->payload
[0] = htonl((SB_HAB_DCD_TAG
<< 24) |
549 static int sb_build_dcd(struct sb_image_ctx
*ictx
, struct sb_cmd_list
*cmd
)
551 struct sb_dcd_ctx
*dctx
;
557 dctx
= calloc(1, sizeof(*dctx
));
561 ret
= sb_grow_dcd(dctx
, 4);
565 /* Read DCD block number. */
566 tok
= strtok(cmd
->cmd
, " ");
568 fprintf(stderr
, "#%i ERR: DCD block without number!\n",
574 /* Parse the DCD block number. */
575 ret
= sb_token_to_long(tok
, &id
);
577 fprintf(stderr
, "#%i ERR: Malformed DCD block number!\n",
585 * The DCD block is now constructed. Append it to the list.
586 * WARNING: The DCD size is still not computed and will be
587 * updated while parsing it's commands.
589 if (!ictx
->dcd_head
) {
590 ictx
->dcd_head
= dctx
;
591 ictx
->dcd_tail
= dctx
;
593 ictx
->dcd_tail
->dcd
= dctx
;
594 ictx
->dcd_tail
= dctx
;
605 static int sb_build_dcd_block(struct sb_image_ctx
*ictx
,
606 struct sb_cmd_list
*cmd
,
610 uint32_t address
, value
, length
;
613 struct sb_dcd_ctx
*dctx
= ictx
->dcd_tail
;
616 if (dctx
->prev_dcd_head
&& (type
!= SB_DCD_NOOP
) &&
617 ((dctx
->prev_dcd_head
[0] & 0xff0000ff) == type
)) {
618 /* Same instruction as before, just append it. */
619 ret
= sb_grow_dcd(dctx
, 8);
622 } else if (type
== SB_DCD_NOOP
) {
623 ret
= sb_grow_dcd(dctx
, 4);
627 /* Update DCD command block pointer. */
628 dctx
->prev_dcd_head
= dctx
->payload
+
629 dctx
->size
/ sizeof(*dctx
->payload
) - 1;
631 /* NOOP has only 4 bytes and no payload. */
635 * Either a different instruction block started now
636 * or this is the first instruction block.
638 ret
= sb_grow_dcd(dctx
, 12);
642 /* Update DCD command block pointer. */
643 dctx
->prev_dcd_head
= dctx
->payload
+
644 dctx
->size
/ sizeof(*dctx
->payload
) - 3;
647 dcd
= dctx
->payload
+ dctx
->size
/ sizeof(*dctx
->payload
) - 2;
650 * Prepare the command.
652 tok
= strtok(cmd
->cmd
, " ");
654 fprintf(stderr
, "#%i ERR: Missing DCD address!\n",
660 /* Read DCD destination address. */
661 ret
= sb_token_to_long(tok
, &address
);
663 fprintf(stderr
, "#%i ERR: Incorrect DCD address!\n",
668 tok
= strtok(NULL
, " ");
670 fprintf(stderr
, "#%i ERR: Missing DCD value!\n",
676 /* Read DCD operation value. */
677 ret
= sb_token_to_long(tok
, &value
);
679 fprintf(stderr
, "#%i ERR: Incorrect DCD value!\n",
684 /* Fill in the new DCD entry. */
685 dcd
[0] = htonl(address
);
686 dcd
[1] = htonl(value
);
689 /* Update the DCD command block. */
690 length
= dctx
->size
-
691 ((dctx
->prev_dcd_head
- dctx
->payload
) *
692 sizeof(*dctx
->payload
));
693 dctx
->prev_dcd_head
[0] = htonl(type
| (length
<< 8));
699 static int sb_build_section(struct sb_image_ctx
*ictx
, struct sb_cmd_list
*cmd
)
701 struct sb_section_ctx
*sctx
;
702 struct sb_sections_header
*shdr
;
704 uint32_t bootable
= 0;
708 sctx
= calloc(1, sizeof(*sctx
));
712 /* Read section number. */
713 tok
= strtok(cmd
->cmd
, " ");
715 fprintf(stderr
, "#%i ERR: Section without number!\n",
721 /* Parse the section number. */
722 ret
= sb_token_to_long(tok
, &id
);
724 fprintf(stderr
, "#%i ERR: Malformed section number!\n",
729 /* Read section's BOOTABLE flag. */
730 tok
= strtok(NULL
, " ");
731 if (tok
&& (strlen(tok
) == 8) && !strncmp(tok
, "BOOTABLE", 8))
732 bootable
= SB_SECTION_FLAG_BOOTABLE
;
734 sctx
->boot
= bootable
;
736 shdr
= &sctx
->payload
;
737 shdr
->section_number
= id
;
738 shdr
->section_flags
= bootable
;
741 * The section is now constructed. Append it to the list.
742 * WARNING: The section size is still not computed and will
743 * be updated while parsing it's commands.
747 /* Mark that this section is bootable one. */
749 if (ictx
->sect_boot_found
) {
751 "#%i WARN: Multiple bootable section!\n",
754 ictx
->sect_boot
= id
;
755 ictx
->sect_boot_found
= 1;
759 if (!ictx
->sect_head
) {
760 ictx
->sect_head
= sctx
;
761 ictx
->sect_tail
= sctx
;
763 ictx
->sect_tail
->sect
= sctx
;
764 ictx
->sect_tail
= sctx
;
774 static int sb_build_command_nop(struct sb_image_ctx
*ictx
)
776 struct sb_section_ctx
*sctx
= ictx
->sect_tail
;
777 struct sb_cmd_ctx
*cctx
;
778 struct sb_command
*ccmd
;
780 cctx
= calloc(1, sizeof(*cctx
));
784 ccmd
= &cctx
->payload
;
787 * Construct the command.
789 ccmd
->header
.checksum
= 0x5a;
790 ccmd
->header
.tag
= ROM_NOP_CMD
;
792 cctx
->size
= sizeof(*ccmd
);
795 * Append the command to the last section.
797 if (!sctx
->cmd_head
) {
798 sctx
->cmd_head
= cctx
;
799 sctx
->cmd_tail
= cctx
;
801 sctx
->cmd_tail
->cmd
= cctx
;
802 sctx
->cmd_tail
= cctx
;
808 static int sb_build_command_tag(struct sb_image_ctx
*ictx
,
809 struct sb_cmd_list
*cmd
)
811 struct sb_section_ctx
*sctx
= ictx
->sect_tail
;
812 struct sb_cmd_ctx
*cctx
;
813 struct sb_command
*ccmd
;
816 cctx
= calloc(1, sizeof(*cctx
));
820 ccmd
= &cctx
->payload
;
823 * Prepare the command.
825 /* Check for the LAST keyword. */
826 tok
= strtok(cmd
->cmd
, " ");
827 if (tok
&& !strcmp(tok
, "LAST"))
828 ccmd
->header
.flags
= ROM_TAG_CMD_FLAG_ROM_LAST_TAG
;
831 * Construct the command.
833 ccmd
->header
.checksum
= 0x5a;
834 ccmd
->header
.tag
= ROM_TAG_CMD
;
836 cctx
->size
= sizeof(*ccmd
);
839 * Append the command to the last section.
841 if (!sctx
->cmd_head
) {
842 sctx
->cmd_head
= cctx
;
843 sctx
->cmd_tail
= cctx
;
845 sctx
->cmd_tail
->cmd
= cctx
;
846 sctx
->cmd_tail
= cctx
;
852 static int sb_build_command_load(struct sb_image_ctx
*ictx
,
853 struct sb_cmd_list
*cmd
)
855 struct sb_section_ctx
*sctx
= ictx
->sect_tail
;
856 struct sb_cmd_ctx
*cctx
;
857 struct sb_command
*ccmd
;
859 int ret
, is_ivt
= 0, is_dcd
= 0;
860 uint32_t dest
, dcd
= 0;
862 cctx
= calloc(1, sizeof(*cctx
));
866 ccmd
= &cctx
->payload
;
869 * Prepare the command.
871 tok
= strtok(cmd
->cmd
, " ");
873 fprintf(stderr
, "#%i ERR: Missing LOAD address or 'IVT'!\n",
879 /* Check for "IVT" flag. */
880 if (!strcmp(tok
, "IVT"))
882 if (!strcmp(tok
, "DCD"))
884 if (is_ivt
|| is_dcd
) {
885 tok
= strtok(NULL
, " ");
887 fprintf(stderr
, "#%i ERR: Missing LOAD address!\n",
894 /* Read load destination address. */
895 ret
= sb_token_to_long(tok
, &dest
);
897 fprintf(stderr
, "#%i ERR: Incorrect LOAD address!\n",
902 /* Read filename or IVT entrypoint or DCD block ID. */
903 tok
= strtok(NULL
, " ");
906 "#%i ERR: Missing LOAD filename or IVT ep or DCD block ID!\n",
914 struct sb_ivt_header
*ivt
;
916 ret
= sb_token_to_long(tok
, &ivtep
);
920 "#%i ERR: Incorrect IVT entry point!\n",
925 ivt
= calloc(1, sizeof(*ivt
));
931 ivt
->header
= sb_hab_ivt_header();
935 cctx
->data
= (uint8_t *)ivt
;
936 cctx
->length
= sizeof(*ivt
);
938 struct sb_dcd_ctx
*dctx
= ictx
->dcd_head
;
942 ret
= sb_token_to_long(tok
, &dcdid
);
946 "#%i ERR: Incorrect DCD block ID!\n",
952 if (dctx
->id
== dcdid
)
958 fprintf(stderr
, "#%i ERR: DCD block %08x not found!\n",
963 asize
= roundup(dctx
->size
, SB_BLOCK_SIZE
);
964 payload
= calloc(1, asize
);
970 memcpy(payload
, dctx
->payload
, dctx
->size
);
972 cctx
->data
= payload
;
973 cctx
->length
= asize
;
975 /* Set the Load DCD flag. */
976 dcd
= ROM_LOAD_CMD_FLAG_DCD_LOAD
;
978 /* Regular LOAD of a file. */
979 ret
= sb_load_file(cctx
, tok
);
981 fprintf(stderr
, "#%i ERR: Cannot load '%s'!\n",
987 if (cctx
->length
& (SB_BLOCK_SIZE
- 1)) {
988 fprintf(stderr
, "#%i ERR: Unaligned payload!\n",
993 * Construct the command.
995 ccmd
->header
.checksum
= 0x5a;
996 ccmd
->header
.tag
= ROM_LOAD_CMD
;
997 ccmd
->header
.flags
= dcd
;
999 ccmd
->load
.address
= dest
;
1000 ccmd
->load
.count
= cctx
->length
;
1001 ccmd
->load
.crc32
= crc32(cctx
->data
, cctx
->length
);
1003 cctx
->size
= sizeof(*ccmd
) + cctx
->length
;
1006 * Append the command to the last section.
1008 if (!sctx
->cmd_head
) {
1009 sctx
->cmd_head
= cctx
;
1010 sctx
->cmd_tail
= cctx
;
1012 sctx
->cmd_tail
->cmd
= cctx
;
1013 sctx
->cmd_tail
= cctx
;
1023 static int sb_build_command_fill(struct sb_image_ctx
*ictx
,
1024 struct sb_cmd_list
*cmd
)
1026 struct sb_section_ctx
*sctx
= ictx
->sect_tail
;
1027 struct sb_cmd_ctx
*cctx
;
1028 struct sb_command
*ccmd
;
1030 uint32_t address
, pattern
, length
;
1033 cctx
= calloc(1, sizeof(*cctx
));
1037 ccmd
= &cctx
->payload
;
1040 * Prepare the command.
1042 tok
= strtok(cmd
->cmd
, " ");
1044 fprintf(stderr
, "#%i ERR: Missing FILL address!\n",
1050 /* Read fill destination address. */
1051 ret
= sb_token_to_long(tok
, &address
);
1053 fprintf(stderr
, "#%i ERR: Incorrect FILL address!\n",
1058 tok
= strtok(NULL
, " ");
1060 fprintf(stderr
, "#%i ERR: Missing FILL pattern!\n",
1066 /* Read fill pattern address. */
1067 ret
= sb_token_to_long(tok
, &pattern
);
1069 fprintf(stderr
, "#%i ERR: Incorrect FILL pattern!\n",
1074 tok
= strtok(NULL
, " ");
1076 fprintf(stderr
, "#%i ERR: Missing FILL length!\n",
1082 /* Read fill pattern address. */
1083 ret
= sb_token_to_long(tok
, &length
);
1085 fprintf(stderr
, "#%i ERR: Incorrect FILL length!\n",
1091 * Construct the command.
1093 ccmd
->header
.checksum
= 0x5a;
1094 ccmd
->header
.tag
= ROM_FILL_CMD
;
1096 ccmd
->fill
.address
= address
;
1097 ccmd
->fill
.count
= length
;
1098 ccmd
->fill
.pattern
= pattern
;
1100 cctx
->size
= sizeof(*ccmd
);
1103 * Append the command to the last section.
1105 if (!sctx
->cmd_head
) {
1106 sctx
->cmd_head
= cctx
;
1107 sctx
->cmd_tail
= cctx
;
1109 sctx
->cmd_tail
->cmd
= cctx
;
1110 sctx
->cmd_tail
= cctx
;
1120 static int sb_build_command_jump_call(struct sb_image_ctx
*ictx
,
1121 struct sb_cmd_list
*cmd
,
1122 unsigned int is_call
)
1124 struct sb_section_ctx
*sctx
= ictx
->sect_tail
;
1125 struct sb_cmd_ctx
*cctx
;
1126 struct sb_command
*ccmd
;
1128 uint32_t dest
, arg
= 0x0;
1131 const char *cmdname
= is_call
? "CALL" : "JUMP";
1133 cctx
= calloc(1, sizeof(*cctx
));
1137 ccmd
= &cctx
->payload
;
1140 * Prepare the command.
1142 tok
= strtok(cmd
->cmd
, " ");
1145 "#%i ERR: Missing %s address or 'HAB'!\n",
1146 cmd
->lineno
, cmdname
);
1151 /* Check for "HAB" flag. */
1152 if (!strcmp(tok
, "HAB")) {
1153 hab
= is_call
? ROM_CALL_CMD_FLAG_HAB
: ROM_JUMP_CMD_FLAG_HAB
;
1154 tok
= strtok(NULL
, " ");
1156 fprintf(stderr
, "#%i ERR: Missing %s address!\n",
1157 cmd
->lineno
, cmdname
);
1162 /* Read load destination address. */
1163 ret
= sb_token_to_long(tok
, &dest
);
1165 fprintf(stderr
, "#%i ERR: Incorrect %s address!\n",
1166 cmd
->lineno
, cmdname
);
1170 tok
= strtok(NULL
, " ");
1172 ret
= sb_token_to_long(tok
, &arg
);
1175 "#%i ERR: Incorrect %s argument!\n",
1176 cmd
->lineno
, cmdname
);
1182 * Construct the command.
1184 ccmd
->header
.checksum
= 0x5a;
1185 ccmd
->header
.tag
= is_call
? ROM_CALL_CMD
: ROM_JUMP_CMD
;
1186 ccmd
->header
.flags
= hab
;
1188 ccmd
->call
.address
= dest
;
1189 ccmd
->call
.argument
= arg
;
1191 cctx
->size
= sizeof(*ccmd
);
1194 * Append the command to the last section.
1196 if (!sctx
->cmd_head
) {
1197 sctx
->cmd_head
= cctx
;
1198 sctx
->cmd_tail
= cctx
;
1200 sctx
->cmd_tail
->cmd
= cctx
;
1201 sctx
->cmd_tail
= cctx
;
1211 static int sb_build_command_jump(struct sb_image_ctx
*ictx
,
1212 struct sb_cmd_list
*cmd
)
1214 return sb_build_command_jump_call(ictx
, cmd
, 0);
1217 static int sb_build_command_call(struct sb_image_ctx
*ictx
,
1218 struct sb_cmd_list
*cmd
)
1220 return sb_build_command_jump_call(ictx
, cmd
, 1);
1223 static int sb_build_command_mode(struct sb_image_ctx
*ictx
,
1224 struct sb_cmd_list
*cmd
)
1226 struct sb_section_ctx
*sctx
= ictx
->sect_tail
;
1227 struct sb_cmd_ctx
*cctx
;
1228 struct sb_command
*ccmd
;
1232 uint32_t mode
= 0xffffffff;
1234 cctx
= calloc(1, sizeof(*cctx
));
1238 ccmd
= &cctx
->payload
;
1241 * Prepare the command.
1243 tok
= strtok(cmd
->cmd
, " ");
1245 fprintf(stderr
, "#%i ERR: Missing MODE boot mode argument!\n",
1251 for (i
= 0; i
< ARRAY_SIZE(modetable
); i
++) {
1252 if (!strcmp(tok
, modetable
[i
].name
)) {
1253 mode
= modetable
[i
].mode
;
1257 if (!modetable
[i
].altname
)
1260 if (!strcmp(tok
, modetable
[i
].altname
)) {
1261 mode
= modetable
[i
].mode
;
1266 if (mode
== 0xffffffff) {
1267 fprintf(stderr
, "#%i ERR: Invalid MODE boot mode argument!\n",
1274 * Construct the command.
1276 ccmd
->header
.checksum
= 0x5a;
1277 ccmd
->header
.tag
= ROM_MODE_CMD
;
1279 ccmd
->mode
.mode
= mode
;
1281 cctx
->size
= sizeof(*ccmd
);
1284 * Append the command to the last section.
1286 if (!sctx
->cmd_head
) {
1287 sctx
->cmd_head
= cctx
;
1288 sctx
->cmd_tail
= cctx
;
1290 sctx
->cmd_tail
->cmd
= cctx
;
1291 sctx
->cmd_tail
= cctx
;
1301 static int sb_prefill_image_header(struct sb_image_ctx
*ictx
)
1303 struct sb_boot_image_header
*hdr
= &ictx
->payload
;
1305 /* Fill signatures */
1306 memcpy(hdr
->signature1
, "STMP", 4);
1307 memcpy(hdr
->signature2
, "sgtl", 4);
1309 /* SB Image version 1.1 */
1310 hdr
->major_version
= SB_VERSION_MAJOR
;
1311 hdr
->minor_version
= SB_VERSION_MINOR
;
1313 /* Boot image major version */
1314 hdr
->product_version
.major
= htons(0x999);
1315 hdr
->product_version
.minor
= htons(0x999);
1316 hdr
->product_version
.revision
= htons(0x999);
1317 /* Boot image major version */
1318 hdr
->component_version
.major
= htons(0x999);
1319 hdr
->component_version
.minor
= htons(0x999);
1320 hdr
->component_version
.revision
= htons(0x999);
1322 /* Drive tag must be 0x0 for i.MX23 */
1325 hdr
->header_blocks
=
1326 sizeof(struct sb_boot_image_header
) / SB_BLOCK_SIZE
;
1327 hdr
->section_header_size
=
1328 sizeof(struct sb_sections_header
) / SB_BLOCK_SIZE
;
1329 hdr
->timestamp_us
= sb_get_timestamp() * 1000000;
1331 /* FIXME -- add proper config option */
1332 hdr
->flags
= ictx
->verbose_boot
? SB_IMAGE_FLAG_VERBOSE
: 0,
1334 /* FIXME -- We support only default key */
1340 static int sb_postfill_image_header(struct sb_image_ctx
*ictx
)
1342 struct sb_boot_image_header
*hdr
= &ictx
->payload
;
1343 struct sb_section_ctx
*sctx
= ictx
->sect_head
;
1344 uint32_t kd_size
, sections_blocks
;
1347 /* The main SB header size in blocks. */
1348 hdr
->image_blocks
= hdr
->header_blocks
;
1350 /* Size of the key dictionary, which has single zero entry. */
1351 kd_size
= hdr
->key_count
* sizeof(struct sb_key_dictionary_key
);
1352 hdr
->image_blocks
+= kd_size
/ SB_BLOCK_SIZE
;
1354 /* Now count the payloads. */
1355 hdr
->section_count
= ictx
->sect_count
;
1357 hdr
->image_blocks
+= sctx
->size
/ SB_BLOCK_SIZE
;
1361 if (!ictx
->sect_boot_found
) {
1362 fprintf(stderr
, "ERR: No bootable section selected!\n");
1365 hdr
->first_boot_section_id
= ictx
->sect_boot
;
1367 /* The n * SB section size in blocks. */
1368 sections_blocks
= hdr
->section_count
* hdr
->section_header_size
;
1369 hdr
->image_blocks
+= sections_blocks
;
1371 /* Key dictionary offset. */
1372 hdr
->key_dictionary_block
= hdr
->header_blocks
+ sections_blocks
;
1374 /* Digest of the whole image. */
1375 hdr
->image_blocks
+= 2;
1377 /* Pointer past the dictionary. */
1378 hdr
->first_boot_tag_block
=
1379 hdr
->key_dictionary_block
+ kd_size
/ SB_BLOCK_SIZE
;
1381 /* Compute header digest. */
1382 EVP_MD_CTX_init(&md_ctx
);
1384 EVP_DigestInit(&md_ctx
, EVP_sha1());
1385 EVP_DigestUpdate(&md_ctx
, hdr
->signature1
,
1386 sizeof(struct sb_boot_image_header
) -
1387 sizeof(hdr
->digest
));
1388 EVP_DigestFinal(&md_ctx
, hdr
->digest
, NULL
);
1393 static int sb_fixup_sections_and_tags(struct sb_image_ctx
*ictx
)
1395 /* Fixup the placement of sections. */
1396 struct sb_boot_image_header
*ihdr
= &ictx
->payload
;
1397 struct sb_section_ctx
*sctx
= ictx
->sect_head
;
1398 struct sb_sections_header
*shdr
;
1399 struct sb_cmd_ctx
*cctx
;
1400 struct sb_command
*ccmd
;
1401 uint32_t offset
= ihdr
->first_boot_tag_block
;
1404 shdr
= &sctx
->payload
;
1406 /* Fill in the section TAG offset. */
1407 shdr
->section_offset
= offset
+ 1;
1408 offset
+= shdr
->section_size
;
1410 /* Section length is measured from the TAG block. */
1411 shdr
->section_size
--;
1413 /* Fixup the TAG command. */
1414 cctx
= sctx
->cmd_head
;
1416 ccmd
= &cctx
->payload
;
1417 if (ccmd
->header
.tag
== ROM_TAG_CMD
) {
1418 ccmd
->tag
.section_number
= shdr
->section_number
;
1419 ccmd
->tag
.section_length
= shdr
->section_size
;
1420 ccmd
->tag
.section_flags
= shdr
->section_flags
;
1423 /* Update the command checksum. */
1424 ccmd
->header
.checksum
= sb_command_checksum(ccmd
);
1435 static int sb_parse_line(struct sb_image_ctx
*ictx
, struct sb_cmd_list
*cmd
)
1438 char *line
= cmd
->cmd
;
1442 /* Analyze the identifier on this line first. */
1443 tok
= strtok_r(line
, " ", &rptr
);
1444 if (!tok
|| (strlen(tok
) == 0)) {
1445 fprintf(stderr
, "#%i ERR: Invalid line!\n", cmd
->lineno
);
1452 if (!strcmp(tok
, "DCD")) {
1453 ictx
->in_section
= 0;
1455 sb_build_dcd(ictx
, cmd
);
1460 if (!strcmp(tok
, "SECTION")) {
1461 ictx
->in_section
= 1;
1463 sb_build_section(ictx
, cmd
);
1467 if (!ictx
->in_section
&& !ictx
->in_dcd
) {
1468 fprintf(stderr
, "#%i ERR: Data outside of a section!\n",
1473 if (ictx
->in_section
) {
1474 /* Section commands */
1475 if (!strcmp(tok
, "NOP")) {
1476 ret
= sb_build_command_nop(ictx
);
1477 } else if (!strcmp(tok
, "TAG")) {
1478 ret
= sb_build_command_tag(ictx
, cmd
);
1479 } else if (!strcmp(tok
, "LOAD")) {
1480 ret
= sb_build_command_load(ictx
, cmd
);
1481 } else if (!strcmp(tok
, "FILL")) {
1482 ret
= sb_build_command_fill(ictx
, cmd
);
1483 } else if (!strcmp(tok
, "JUMP")) {
1484 ret
= sb_build_command_jump(ictx
, cmd
);
1485 } else if (!strcmp(tok
, "CALL")) {
1486 ret
= sb_build_command_call(ictx
, cmd
);
1487 } else if (!strcmp(tok
, "MODE")) {
1488 ret
= sb_build_command_mode(ictx
, cmd
);
1491 "#%i ERR: Unsupported instruction '%s'!\n",
1495 } else if (ictx
->in_dcd
) {
1497 uint32_t ilen
= '1';
1499 tok
= strtok_r(tok
, ".", &lptr
);
1500 if (!tok
|| (strlen(tok
) == 0) || (lptr
&& strlen(lptr
) != 1)) {
1501 fprintf(stderr
, "#%i ERR: Invalid line!\n",
1507 (lptr
[0] != '1' && lptr
[0] != '2' && lptr
[0] != '4')) {
1508 fprintf(stderr
, "#%i ERR: Invalid instruction width!\n",
1514 ilen
= lptr
[0] - '1';
1517 if (!strcmp(tok
, "WRITE")) {
1518 ret
= sb_build_dcd_block(ictx
, cmd
,
1519 SB_DCD_WRITE
| ilen
);
1520 } else if (!strcmp(tok
, "ANDC")) {
1521 ret
= sb_build_dcd_block(ictx
, cmd
,
1522 SB_DCD_ANDC
| ilen
);
1523 } else if (!strcmp(tok
, "ORR")) {
1524 ret
= sb_build_dcd_block(ictx
, cmd
,
1526 } else if (!strcmp(tok
, "EQZ")) {
1527 ret
= sb_build_dcd_block(ictx
, cmd
,
1528 SB_DCD_CHK_EQZ
| ilen
);
1529 } else if (!strcmp(tok
, "EQ")) {
1530 ret
= sb_build_dcd_block(ictx
, cmd
,
1531 SB_DCD_CHK_EQ
| ilen
);
1532 } else if (!strcmp(tok
, "NEQ")) {
1533 ret
= sb_build_dcd_block(ictx
, cmd
,
1534 SB_DCD_CHK_NEQ
| ilen
);
1535 } else if (!strcmp(tok
, "NEZ")) {
1536 ret
= sb_build_dcd_block(ictx
, cmd
,
1537 SB_DCD_CHK_NEZ
| ilen
);
1538 } else if (!strcmp(tok
, "NOOP")) {
1539 ret
= sb_build_dcd_block(ictx
, cmd
, SB_DCD_NOOP
);
1542 "#%i ERR: Unsupported instruction '%s'!\n",
1547 fprintf(stderr
, "#%i ERR: Unsupported instruction '%s'!\n",
1553 * Here we have at least one section with one command, otherwise we
1554 * would have failed already higher above.
1556 * FIXME -- should the updating happen here ?
1558 if (ictx
->in_section
&& !ret
) {
1559 ictx
->sect_tail
->size
+= ictx
->sect_tail
->cmd_tail
->size
;
1560 ictx
->sect_tail
->payload
.section_size
=
1561 ictx
->sect_tail
->size
/ SB_BLOCK_SIZE
;
1567 static int sb_load_cmdfile(struct sb_image_ctx
*ictx
)
1569 struct sb_cmd_list cmd
;
1576 fp
= fopen(ictx
->cfg_filename
, "r");
1580 while ((rlen
= getline(&line
, &len
, fp
)) > 0) {
1581 memset(&cmd
, 0, sizeof(cmd
));
1583 /* Strip the trailing newline. */
1584 line
[rlen
- 1] = '\0';
1588 cmd
.lineno
= lineno
++;
1590 sb_parse_line(ictx
, &cmd
);
1601 fprintf(stderr
, "ERR: Failed to load file \"%s\"\n",
1602 ictx
->cfg_filename
);
1606 static int sb_build_tree_from_cfg(struct sb_image_ctx
*ictx
)
1610 ret
= sb_load_cmdfile(ictx
);
1614 ret
= sb_prefill_image_header(ictx
);
1618 ret
= sb_postfill_image_header(ictx
);
1622 ret
= sb_fixup_sections_and_tags(ictx
);
1629 static int sb_verify_image_header(struct sb_image_ctx
*ictx
,
1630 FILE *fp
, long fsize
)
1632 /* Verify static fields in the image header. */
1633 struct sb_boot_image_header
*hdr
= &ictx
->payload
;
1634 const char *stat
[2] = { "[PASS]", "[FAIL]" };
1637 unsigned char digest
[20];
1641 /* Start image-wide crypto. */
1642 EVP_MD_CTX_init(&ictx
->md_ctx
);
1643 EVP_DigestInit(&ictx
->md_ctx
, EVP_sha1());
1645 soprintf(ictx
, "---------- Verifying SB Image Header ----------\n");
1647 size
= fread(&ictx
->payload
, 1, sizeof(ictx
->payload
), fp
);
1648 if (size
!= sizeof(ictx
->payload
)) {
1649 fprintf(stderr
, "ERR: SB image header too short!\n");
1653 /* Compute header digest. */
1654 EVP_MD_CTX_init(&md_ctx
);
1655 EVP_DigestInit(&md_ctx
, EVP_sha1());
1656 EVP_DigestUpdate(&md_ctx
, hdr
->signature1
,
1657 sizeof(struct sb_boot_image_header
) -
1658 sizeof(hdr
->digest
));
1659 EVP_DigestFinal(&md_ctx
, digest
, NULL
);
1661 sb_aes_init(ictx
, NULL
, 1);
1662 sb_encrypt_sb_header(ictx
);
1664 if (memcmp(digest
, hdr
->digest
, 20))
1666 soprintf(ictx
, "%s Image header checksum: %s\n", stat
[!!ret
],
1667 ret
? "BAD" : "OK");
1671 if (memcmp(hdr
->signature1
, "STMP", 4) ||
1672 memcmp(hdr
->signature2
, "sgtl", 4))
1674 soprintf(ictx
, "%s Signatures: '%.4s' '%.4s'\n",
1675 stat
[!!ret
], hdr
->signature1
, hdr
->signature2
);
1679 if ((hdr
->major_version
!= SB_VERSION_MAJOR
) ||
1680 ((hdr
->minor_version
!= 1) && (hdr
->minor_version
!= 2)))
1682 soprintf(ictx
, "%s Image version: v%i.%i\n", stat
[!!ret
],
1683 hdr
->major_version
, hdr
->minor_version
);
1687 ret
= sb_get_time(hdr
->timestamp_us
/ 1000000, &tm
);
1689 "%s Creation time: %02i:%02i:%02i %02i/%02i/%04i\n",
1690 stat
[!!ret
], tm
.tm_hour
, tm
.tm_min
, tm
.tm_sec
,
1691 tm
.tm_mday
, tm
.tm_mon
, tm
.tm_year
+ 2000);
1695 soprintf(ictx
, "%s Product version: %x.%x.%x\n", stat
[0],
1696 ntohs(hdr
->product_version
.major
),
1697 ntohs(hdr
->product_version
.minor
),
1698 ntohs(hdr
->product_version
.revision
));
1699 soprintf(ictx
, "%s Component version: %x.%x.%x\n", stat
[0],
1700 ntohs(hdr
->component_version
.major
),
1701 ntohs(hdr
->component_version
.minor
),
1702 ntohs(hdr
->component_version
.revision
));
1704 if (hdr
->flags
& ~SB_IMAGE_FLAG_VERBOSE
)
1706 soprintf(ictx
, "%s Image flags: %s\n", stat
[!!ret
],
1707 hdr
->flags
& SB_IMAGE_FLAG_VERBOSE
? "Verbose_boot" : "");
1711 if (hdr
->drive_tag
!= 0)
1713 soprintf(ictx
, "%s Drive tag: %i\n", stat
[!!ret
],
1718 sz
= sizeof(struct sb_boot_image_header
) / SB_BLOCK_SIZE
;
1719 if (hdr
->header_blocks
!= sz
)
1721 soprintf(ictx
, "%s Image header size (blocks): %i\n", stat
[!!ret
],
1722 hdr
->header_blocks
);
1726 sz
= sizeof(struct sb_sections_header
) / SB_BLOCK_SIZE
;
1727 if (hdr
->section_header_size
!= sz
)
1729 soprintf(ictx
, "%s Section header size (blocks): %i\n", stat
[!!ret
],
1730 hdr
->section_header_size
);
1734 soprintf(ictx
, "%s Sections count: %i\n", stat
[!!ret
],
1735 hdr
->section_count
);
1736 soprintf(ictx
, "%s First bootable section %i\n", stat
[!!ret
],
1737 hdr
->first_boot_section_id
);
1739 if (hdr
->image_blocks
!= fsize
/ SB_BLOCK_SIZE
)
1741 soprintf(ictx
, "%s Image size (blocks): %i\n", stat
[!!ret
],
1746 sz
= hdr
->header_blocks
+ hdr
->section_header_size
* hdr
->section_count
;
1747 if (hdr
->key_dictionary_block
!= sz
)
1749 soprintf(ictx
, "%s Key dict offset (blocks): %i\n", stat
[!!ret
],
1750 hdr
->key_dictionary_block
);
1754 if (hdr
->key_count
!= 1)
1756 soprintf(ictx
, "%s Number of encryption keys: %i\n", stat
[!!ret
],
1761 sz
= hdr
->header_blocks
+ hdr
->section_header_size
* hdr
->section_count
;
1762 sz
+= hdr
->key_count
*
1763 sizeof(struct sb_key_dictionary_key
) / SB_BLOCK_SIZE
;
1764 if (hdr
->first_boot_tag_block
!= (unsigned)sz
)
1766 soprintf(ictx
, "%s First TAG block (blocks): %i\n", stat
[!!ret
],
1767 hdr
->first_boot_tag_block
);
1774 static void sb_decrypt_tag(struct sb_image_ctx
*ictx
,
1775 struct sb_cmd_ctx
*cctx
)
1777 EVP_MD_CTX
*md_ctx
= &ictx
->md_ctx
;
1778 struct sb_command
*cmd
= &cctx
->payload
;
1780 sb_aes_crypt(ictx
, (uint8_t *)&cctx
->c_payload
,
1781 (uint8_t *)&cctx
->payload
, sizeof(*cmd
));
1782 EVP_DigestUpdate(md_ctx
, &cctx
->c_payload
, sizeof(*cmd
));
1785 static int sb_verify_command(struct sb_image_ctx
*ictx
,
1786 struct sb_cmd_ctx
*cctx
, FILE *fp
,
1787 unsigned long *tsize
)
1789 struct sb_command
*ccmd
= &cctx
->payload
;
1790 unsigned long size
, asize
;
1791 char *csum
, *flag
= "";
1794 uint8_t csn
, csc
= ccmd
->header
.checksum
;
1795 ccmd
->header
.checksum
= 0x5a;
1796 csn
= sb_command_checksum(ccmd
);
1797 ccmd
->header
.checksum
= csc
;
1803 csum
= ret
? "checksum BAD" : "checksum OK";
1805 switch (ccmd
->header
.tag
) {
1807 soprintf(ictx
, " NOOP # %s\n", csum
);
1810 if (ccmd
->header
.flags
& ROM_TAG_CMD_FLAG_ROM_LAST_TAG
)
1812 soprintf(ictx
, " TAG %s # %s\n", flag
, csum
);
1813 sb_aes_reinit(ictx
, 0);
1816 soprintf(ictx
, " LOAD addr=0x%08x length=0x%08x # %s\n",
1817 ccmd
->load
.address
, ccmd
->load
.count
, csum
);
1819 cctx
->length
= ccmd
->load
.count
;
1820 asize
= roundup(cctx
->length
, SB_BLOCK_SIZE
);
1821 cctx
->data
= malloc(asize
);
1825 size
= fread(cctx
->data
, 1, asize
, fp
);
1826 if (size
!= asize
) {
1828 "ERR: SB LOAD command payload too short!\n");
1834 EVP_DigestUpdate(&ictx
->md_ctx
, cctx
->data
, asize
);
1835 sb_aes_crypt(ictx
, cctx
->data
, cctx
->data
, asize
);
1837 if (ccmd
->load
.crc32
!= crc32(cctx
->data
, asize
)) {
1839 "ERR: SB LOAD command payload CRC32 invalid!\n");
1845 " FILL addr=0x%08x length=0x%08x pattern=0x%08x # %s\n",
1846 ccmd
->fill
.address
, ccmd
->fill
.count
,
1847 ccmd
->fill
.pattern
, csum
);
1850 if (ccmd
->header
.flags
& ROM_JUMP_CMD_FLAG_HAB
)
1853 " JUMP%s addr=0x%08x r0_arg=0x%08x # %s\n",
1854 flag
, ccmd
->fill
.address
, ccmd
->jump
.argument
, csum
);
1857 if (ccmd
->header
.flags
& ROM_CALL_CMD_FLAG_HAB
)
1860 " CALL%s addr=0x%08x r0_arg=0x%08x # %s\n",
1861 flag
, ccmd
->fill
.address
, ccmd
->jump
.argument
, csum
);
1864 for (i
= 0; i
< ARRAY_SIZE(modetable
); i
++) {
1865 if (ccmd
->mode
.mode
== modetable
[i
].mode
) {
1866 soprintf(ictx
, " MODE %s # %s\n",
1867 modetable
[i
].name
, csum
);
1871 fprintf(stderr
, " MODE !INVALID! # %s\n", csum
);
1878 static int sb_verify_commands(struct sb_image_ctx
*ictx
,
1879 struct sb_section_ctx
*sctx
, FILE *fp
)
1881 unsigned long size
, tsize
= 0;
1882 struct sb_cmd_ctx
*cctx
;
1885 sb_aes_reinit(ictx
, 0);
1887 while (tsize
< sctx
->size
) {
1888 cctx
= calloc(1, sizeof(*cctx
));
1891 if (!sctx
->cmd_head
) {
1892 sctx
->cmd_head
= cctx
;
1893 sctx
->cmd_tail
= cctx
;
1895 sctx
->cmd_tail
->cmd
= cctx
;
1896 sctx
->cmd_tail
= cctx
;
1899 size
= fread(&cctx
->c_payload
, 1, sizeof(cctx
->c_payload
), fp
);
1900 if (size
!= sizeof(cctx
->c_payload
)) {
1901 fprintf(stderr
, "ERR: SB command header too short!\n");
1907 sb_decrypt_tag(ictx
, cctx
);
1909 ret
= sb_verify_command(ictx
, cctx
, fp
, &tsize
);
1917 static int sb_verify_sections_cmds(struct sb_image_ctx
*ictx
, FILE *fp
)
1919 struct sb_boot_image_header
*hdr
= &ictx
->payload
;
1920 struct sb_sections_header
*shdr
;
1923 struct sb_section_ctx
*sctx
;
1925 char *bootable
= "";
1927 soprintf(ictx
, "----- Verifying SB Sections and Commands -----\n");
1929 for (i
= 0; i
< hdr
->section_count
; i
++) {
1930 sctx
= calloc(1, sizeof(*sctx
));
1933 if (!ictx
->sect_head
) {
1934 ictx
->sect_head
= sctx
;
1935 ictx
->sect_tail
= sctx
;
1937 ictx
->sect_tail
->sect
= sctx
;
1938 ictx
->sect_tail
= sctx
;
1941 size
= fread(&sctx
->payload
, 1, sizeof(sctx
->payload
), fp
);
1942 if (size
!= sizeof(sctx
->payload
)) {
1943 fprintf(stderr
, "ERR: SB section header too short!\n");
1948 size
= fread(&ictx
->sb_dict_key
, 1, sizeof(ictx
->sb_dict_key
), fp
);
1949 if (size
!= sizeof(ictx
->sb_dict_key
)) {
1950 fprintf(stderr
, "ERR: SB key dictionary too short!\n");
1954 sb_encrypt_sb_sections_header(ictx
);
1955 sb_aes_reinit(ictx
, 0);
1956 sb_decrypt_key_dictionary_key(ictx
);
1958 sb_aes_reinit(ictx
, 0);
1960 sctx
= ictx
->sect_head
;
1962 shdr
= &sctx
->payload
;
1964 if (shdr
->section_flags
& SB_SECTION_FLAG_BOOTABLE
) {
1966 bootable
= " BOOTABLE";
1969 sctx
->size
= (shdr
->section_size
* SB_BLOCK_SIZE
) +
1970 sizeof(struct sb_command
);
1971 soprintf(ictx
, "SECTION 0x%x%s # size = %i bytes\n",
1972 shdr
->section_number
, bootable
, sctx
->size
);
1974 if (shdr
->section_flags
& ~SB_SECTION_FLAG_BOOTABLE
)
1975 fprintf(stderr
, " WARN: Unknown section flag(s) %08x\n",
1976 shdr
->section_flags
);
1978 if ((shdr
->section_flags
& SB_SECTION_FLAG_BOOTABLE
) &&
1979 (hdr
->first_boot_section_id
!= shdr
->section_number
)) {
1981 " WARN: Bootable section does ID not match image header ID!\n");
1984 ret
= sb_verify_commands(ictx
, sctx
, fp
);
1993 * check if the first TAG command is at sctx->section_offset
1998 static int sb_verify_image_end(struct sb_image_ctx
*ictx
,
1999 FILE *fp
, off_t filesz
)
2006 soprintf(ictx
, "------------- Verifying image end -------------\n");
2008 size
= fread(digest
, 1, sizeof(digest
), fp
);
2009 if (size
!= sizeof(digest
)) {
2010 fprintf(stderr
, "ERR: SB key dictionary too short!\n");
2015 if (pos
!= filesz
) {
2016 fprintf(stderr
, "ERR: Trailing data past the image!\n");
2020 /* Check the image digest. */
2021 EVP_DigestFinal(&ictx
->md_ctx
, ictx
->digest
, NULL
);
2023 /* Decrypt the image digest from the input image. */
2024 sb_aes_reinit(ictx
, 0);
2025 sb_aes_crypt(ictx
, digest
, digest
, sizeof(digest
));
2027 /* Check all of 20 bytes of the SHA1 hash. */
2028 ret
= memcmp(digest
, ictx
->digest
, 20) ? -EINVAL
: 0;
2031 soprintf(ictx
, "[FAIL] Full-image checksum: BAD\n");
2033 soprintf(ictx
, "[PASS] Full-image checksum: OK\n");
2039 static int sb_build_tree_from_img(struct sb_image_ctx
*ictx
)
2045 if (!ictx
->input_filename
) {
2046 fprintf(stderr
, "ERR: Missing filename!\n");
2050 fp
= fopen(ictx
->input_filename
, "r");
2054 ret
= fseek(fp
, 0, SEEK_END
);
2058 filesize
= ftell(fp
);
2062 ret
= fseek(fp
, 0, SEEK_SET
);
2066 if (filesize
< (signed)sizeof(ictx
->payload
)) {
2067 fprintf(stderr
, "ERR: File too short!\n");
2071 if (filesize
& (SB_BLOCK_SIZE
- 1)) {
2072 fprintf(stderr
, "ERR: The file is not aligned!\n");
2076 /* Load and verify image header */
2077 ret
= sb_verify_image_header(ictx
, fp
, filesize
);
2081 /* Load and verify sections and commands */
2082 ret
= sb_verify_sections_cmds(ictx
, fp
);
2086 ret
= sb_verify_image_end(ictx
, fp
, filesize
);
2093 soprintf(ictx
, "-------------------- Result -------------------\n");
2094 soprintf(ictx
, "Verification %s\n", ret
? "FAILED" : "PASSED");
2096 /* Stop the encryption session. */
2097 sb_aes_deinit(&ictx
->cipher_ctx
);
2105 fprintf(stderr
, "ERR: Failed to load file \"%s\"\n",
2106 ictx
->input_filename
);
2110 static void sb_free_image(struct sb_image_ctx
*ictx
)
2112 struct sb_section_ctx
*sctx
= ictx
->sect_head
, *s_head
;
2113 struct sb_dcd_ctx
*dctx
= ictx
->dcd_head
, *d_head
;
2114 struct sb_cmd_ctx
*cctx
, *c_head
;
2118 c_head
= sctx
->cmd_head
;
2122 c_head
= c_head
->cmd
;
2135 free(d_head
->payload
);
2141 * MXSSB-MKIMAGE glue code.
2143 static int mxsimage_check_image_types(uint8_t type
)
2145 if (type
== IH_TYPE_MXSIMAGE
)
2146 return EXIT_SUCCESS
;
2148 return EXIT_FAILURE
;
2151 static void mxsimage_set_header(void *ptr
, struct stat
*sbuf
, int ifd
,
2152 struct image_tool_params
*params
)
2156 int mxsimage_check_params(struct image_tool_params
*params
)
2160 if (!strlen(params
->imagename
)) {
2162 "Error: %s - Configuration file not specified, it is needed for mxsimage generation\n",
2169 * XIP is not allowed and verify that incompatible
2170 * parameters are not sent at the same time
2171 * For example, if list is required a data image must not be provided
2173 return (params
->dflag
&& (params
->fflag
|| params
->lflag
)) ||
2174 (params
->fflag
&& (params
->dflag
|| params
->lflag
)) ||
2175 (params
->lflag
&& (params
->dflag
|| params
->fflag
)) ||
2176 (params
->xflag
) || !(strlen(params
->imagename
));
2179 static int mxsimage_verify_print_header(char *file
, int silent
)
2182 struct sb_image_ctx ctx
;
2184 memset(&ctx
, 0, sizeof(ctx
));
2186 ctx
.input_filename
= file
;
2187 ctx
.silent_dump
= silent
;
2189 ret
= sb_build_tree_from_img(&ctx
);
2190 sb_free_image(&ctx
);
2196 static int mxsimage_verify_header(unsigned char *ptr
, int image_size
,
2197 struct image_tool_params
*params
)
2199 struct sb_boot_image_header
*hdr
;
2204 hdr
= (struct sb_boot_image_header
*)ptr
;
2207 * Check if the header contains the MXS image signatures,
2208 * if so, do a full-image verification.
2210 if (memcmp(hdr
->signature1
, "STMP", 4) ||
2211 memcmp(hdr
->signature2
, "sgtl", 4))
2214 imagefile
= params
->imagefile
;
2216 return mxsimage_verify_print_header(params
->imagefile
, 1);
2219 static void mxsimage_print_header(const void *hdr
)
2222 mxsimage_verify_print_header(imagefile
, 0);
2225 static int sb_build_image(struct sb_image_ctx
*ictx
,
2226 struct image_type_params
*tparams
)
2228 struct sb_boot_image_header
*sb_header
= &ictx
->payload
;
2229 struct sb_section_ctx
*sctx
;
2230 struct sb_cmd_ctx
*cctx
;
2231 struct sb_command
*ccmd
;
2232 struct sb_key_dictionary_key
*sb_dict_key
= &ictx
->sb_dict_key
;
2234 uint8_t *image
, *iptr
;
2236 /* Calculate image size. */
2237 uint32_t size
= sizeof(*sb_header
) +
2238 ictx
->sect_count
* sizeof(struct sb_sections_header
) +
2239 sizeof(*sb_dict_key
) + sizeof(ictx
->digest
);
2241 sctx
= ictx
->sect_head
;
2247 image
= malloc(size
);
2252 memcpy(iptr
, sb_header
, sizeof(*sb_header
));
2253 iptr
+= sizeof(*sb_header
);
2255 sctx
= ictx
->sect_head
;
2257 memcpy(iptr
, &sctx
->payload
, sizeof(struct sb_sections_header
));
2258 iptr
+= sizeof(struct sb_sections_header
);
2262 memcpy(iptr
, sb_dict_key
, sizeof(*sb_dict_key
));
2263 iptr
+= sizeof(*sb_dict_key
);
2265 sctx
= ictx
->sect_head
;
2267 cctx
= sctx
->cmd_head
;
2269 ccmd
= &cctx
->payload
;
2271 memcpy(iptr
, &cctx
->c_payload
, sizeof(cctx
->payload
));
2272 iptr
+= sizeof(cctx
->payload
);
2274 if (ccmd
->header
.tag
== ROM_LOAD_CMD
) {
2275 memcpy(iptr
, cctx
->data
, cctx
->length
);
2276 iptr
+= cctx
->length
;
2285 memcpy(iptr
, ictx
->digest
, sizeof(ictx
->digest
));
2286 iptr
+= sizeof(ictx
->digest
);
2288 /* Configure the mkimage */
2289 tparams
->hdr
= image
;
2290 tparams
->header_size
= size
;
2295 static int mxsimage_generate(struct image_tool_params
*params
,
2296 struct image_type_params
*tparams
)
2299 struct sb_image_ctx ctx
;
2301 /* Do not copy the U-Boot image! */
2302 params
->skipcpy
= 1;
2304 memset(&ctx
, 0, sizeof(ctx
));
2306 ctx
.cfg_filename
= params
->imagename
;
2307 ctx
.output_filename
= params
->imagefile
;
2308 ctx
.verbose_boot
= 1;
2310 ret
= sb_build_tree_from_cfg(&ctx
);
2314 ret
= sb_encrypt_image(&ctx
);
2316 ret
= sb_build_image(&ctx
, tparams
);
2319 sb_free_image(&ctx
);
2325 * mxsimage parameters
2327 static struct image_type_params mxsimage_params
= {
2328 .name
= "Freescale MXS Boot Image support",
2331 .check_image_type
= mxsimage_check_image_types
,
2332 .verify_header
= mxsimage_verify_header
,
2333 .print_header
= mxsimage_print_header
,
2334 .set_header
= mxsimage_set_header
,
2335 .check_params
= mxsimage_check_params
,
2336 .vrec_header
= mxsimage_generate
,
2339 void init_mxs_image_type(void)
2341 register_image_type(&mxsimage_params
);
2345 void init_mxs_image_type(void)