1 // SPDX-License-Identifier: GPL-2.0+
3 * Freescale i.MX23/i.MX28 SB image generator
5 * Copyright (C) 2012-2013 Marek Vasut <marex@denx.de>
14 #include <u-boot/crc.h>
18 #include <openssl/evp.h>
20 #include "imagetool.h"
22 #include "pbl_crc32.h"
26 * OpenSSL 1.1.0 and newer compatibility functions:
27 * https://wiki.openssl.org/index.php/1.1_API_Changes
29 #if OPENSSL_VERSION_NUMBER < 0x10100000L || \
30 (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
31 static void *OPENSSL_zalloc(size_t num
)
33 void *ret
= OPENSSL_malloc(num
);
40 EVP_MD_CTX
*EVP_MD_CTX_new(void)
42 return OPENSSL_zalloc(sizeof(EVP_MD_CTX
));
45 void EVP_MD_CTX_free(EVP_MD_CTX
*ctx
)
47 EVP_MD_CTX_cleanup(ctx
);
51 int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX
*ctx
)
53 return EVP_CIPHER_CTX_cleanup(ctx
);
59 * |-Write to address command block
62 * |-ORR address with mask command block
64 * |-Write to address command block
68 #define SB_HAB_DCD_WRITE 0xccUL
69 #define SB_HAB_DCD_CHECK 0xcfUL
70 #define SB_HAB_DCD_NOOP 0xc0UL
71 #define SB_HAB_DCD_MASK_BIT (1 << 3)
72 #define SB_HAB_DCD_SET_BIT (1 << 4)
74 /* Addr.n = Value.n */
75 #define SB_DCD_WRITE \
76 (SB_HAB_DCD_WRITE << 24)
77 /* Addr.n &= ~Value.n */
79 ((SB_HAB_DCD_WRITE << 24) | SB_HAB_DCD_SET_BIT)
80 /* Addr.n |= Value.n */
82 ((SB_HAB_DCD_WRITE << 24) | SB_HAB_DCD_SET_BIT | SB_HAB_DCD_MASK_BIT)
83 /* (Addr.n & Value.n) == 0 */
84 #define SB_DCD_CHK_EQZ \
85 (SB_HAB_DCD_CHECK << 24)
86 /* (Addr.n & Value.n) == Value.n */
87 #define SB_DCD_CHK_EQ \
88 ((SB_HAB_DCD_CHECK << 24) | SB_HAB_DCD_SET_BIT)
89 /* (Addr.n & Value.n) != Value.n */
90 #define SB_DCD_CHK_NEQ \
91 ((SB_HAB_DCD_CHECK << 24) | SB_HAB_DCD_MASK_BIT)
92 /* (Addr.n & Value.n) != 0 */
93 #define SB_DCD_CHK_NEZ \
94 ((SB_HAB_DCD_CHECK << 24) | SB_HAB_DCD_SET_BIT | SB_HAB_DCD_MASK_BIT)
97 (SB_HAB_DCD_NOOP << 24)
100 struct sb_dcd_ctx
*dcd
;
106 /* Size of the whole DCD block. */
109 /* Pointer to previous DCD command block. */
110 uint32_t *prev_dcd_head
;
132 struct sb_cmd_ctx
*cmd
;
137 struct sb_command payload
;
138 struct sb_command c_payload
;
141 struct sb_section_ctx
{
147 struct sb_section_ctx
*sect
;
149 struct sb_cmd_ctx
*cmd_head
;
150 struct sb_cmd_ctx
*cmd_tail
;
152 struct sb_sections_header payload
;
155 struct sb_image_ctx
{
156 unsigned int in_section
:1;
157 unsigned int in_dcd
:1;
158 /* Image configuration */
159 unsigned int display_progress
:1;
160 unsigned int silent_dump
:1;
161 char *input_filename
;
162 char *output_filename
;
164 uint8_t image_key
[16];
166 /* Number of section in the image */
167 unsigned int sect_count
;
168 /* Bootable section */
169 unsigned int sect_boot
;
170 unsigned int sect_boot_found
:1;
172 struct sb_section_ctx
*sect_head
;
173 struct sb_section_ctx
*sect_tail
;
175 struct sb_dcd_ctx
*dcd_head
;
176 struct sb_dcd_ctx
*dcd_tail
;
178 EVP_CIPHER_CTX
*cipher_ctx
;
181 struct sb_key_dictionary_key sb_dict_key
;
183 struct sb_boot_image_header payload
;
187 * Instruction semantics:
191 * LOAD IVT address IVT_entry_point
192 * FILL address pattern length
193 * JUMP [HAB] address [r0_arg]
194 * CALL [HAB] address [r0_arg]
196 * For i.MX23, mode = USB/I2C/SPI1_FLASH/SPI2_FLASH/NAND_BCH
197 * JTAG/SPI3_EEPROM/SD_SSP0/SD_SSP1
198 * For i.MX28, mode = USB/I2C/SPI2_FLASH/SPI3_FLASH/NAND_BCH
199 * JTAG/SPI2_EEPROM/SD_SSP0/SD_SSP1
205 static int sb_aes_init(struct sb_image_ctx
*ictx
, uint8_t *iv
, int enc
)
210 /* If there is no init vector, init vector is all zeroes. */
212 iv
= ictx
->image_key
;
214 ctx
= EVP_CIPHER_CTX_new();
215 ret
= EVP_CipherInit(ctx
, EVP_aes_128_cbc(), ictx
->image_key
, iv
, enc
);
217 EVP_CIPHER_CTX_set_padding(ctx
, 0);
218 ictx
->cipher_ctx
= ctx
;
223 static int sb_aes_crypt(struct sb_image_ctx
*ictx
, uint8_t *in_data
,
224 uint8_t *out_data
, int in_len
)
226 EVP_CIPHER_CTX
*ctx
= ictx
->cipher_ctx
;
230 outbuf
= malloc(in_len
);
233 memset(outbuf
, 0, sizeof(in_len
));
235 ret
= EVP_CipherUpdate(ctx
, outbuf
, &outlen
, in_data
, in_len
);
242 memcpy(out_data
, outbuf
, outlen
);
249 static int sb_aes_deinit(EVP_CIPHER_CTX
*ctx
)
251 return EVP_CIPHER_CTX_reset(ctx
);
254 static int sb_aes_reinit(struct sb_image_ctx
*ictx
, int enc
)
257 EVP_CIPHER_CTX
*ctx
= ictx
->cipher_ctx
;
258 struct sb_boot_image_header
*sb_header
= &ictx
->payload
;
259 uint8_t *iv
= sb_header
->iv
;
261 ret
= sb_aes_deinit(ctx
);
264 return sb_aes_init(ictx
, iv
, enc
);
270 static void soprintf(struct sb_image_ctx
*ictx
, const char *fmt
, ...)
274 if (ictx
->silent_dump
)
278 vfprintf(stdout
, fmt
, ap
);
285 static time_t sb_get_timestamp(void)
287 struct tm time_2000
= {
288 .tm_yday
= 1, /* Jan. 1st */
289 .tm_year
= 100, /* 2000 */
291 time_t seconds_to_2000
= mktime(&time_2000
);
292 time_t seconds_to_now
= time(NULL
);
294 return seconds_to_now
- seconds_to_2000
;
297 static int sb_get_time(time_t time
, struct tm
*tm
)
299 struct tm time_2000
= {
300 .tm_yday
= 1, /* Jan. 1st */
301 .tm_year
= 0, /* 1900 */
303 const time_t seconds_to_2000
= mktime(&time_2000
);
304 const time_t seconds_to_now
= seconds_to_2000
+ time
;
306 ret
= gmtime_r(&seconds_to_now
, tm
);
307 return ret
? 0 : -EINVAL
;
310 static void sb_encrypt_sb_header(struct sb_image_ctx
*ictx
)
312 EVP_MD_CTX
*md_ctx
= ictx
->md_ctx
;
313 struct sb_boot_image_header
*sb_header
= &ictx
->payload
;
314 uint8_t *sb_header_ptr
= (uint8_t *)sb_header
;
316 /* Encrypt the header, compute the digest. */
317 sb_aes_crypt(ictx
, sb_header_ptr
, NULL
, sizeof(*sb_header
));
318 EVP_DigestUpdate(md_ctx
, sb_header_ptr
, sizeof(*sb_header
));
321 static void sb_encrypt_sb_sections_header(struct sb_image_ctx
*ictx
)
323 EVP_MD_CTX
*md_ctx
= ictx
->md_ctx
;
324 struct sb_section_ctx
*sctx
= ictx
->sect_head
;
325 struct sb_sections_header
*shdr
;
326 uint8_t *sb_sections_header_ptr
;
327 const int size
= sizeof(*shdr
);
330 shdr
= &sctx
->payload
;
331 sb_sections_header_ptr
= (uint8_t *)shdr
;
333 sb_aes_crypt(ictx
, sb_sections_header_ptr
,
334 ictx
->sb_dict_key
.cbc_mac
, size
);
335 EVP_DigestUpdate(md_ctx
, sb_sections_header_ptr
, size
);
341 static void sb_encrypt_key_dictionary_key(struct sb_image_ctx
*ictx
)
343 EVP_MD_CTX
*md_ctx
= ictx
->md_ctx
;
345 sb_aes_crypt(ictx
, ictx
->image_key
, ictx
->sb_dict_key
.key
,
346 sizeof(ictx
->sb_dict_key
.key
));
347 EVP_DigestUpdate(md_ctx
, &ictx
->sb_dict_key
, sizeof(ictx
->sb_dict_key
));
350 static void sb_decrypt_key_dictionary_key(struct sb_image_ctx
*ictx
)
352 EVP_MD_CTX
*md_ctx
= ictx
->md_ctx
;
354 EVP_DigestUpdate(md_ctx
, &ictx
->sb_dict_key
, sizeof(ictx
->sb_dict_key
));
355 sb_aes_crypt(ictx
, ictx
->sb_dict_key
.key
, ictx
->image_key
,
356 sizeof(ictx
->sb_dict_key
.key
));
359 static void sb_encrypt_tag(struct sb_image_ctx
*ictx
,
360 struct sb_cmd_ctx
*cctx
)
362 EVP_MD_CTX
*md_ctx
= ictx
->md_ctx
;
363 struct sb_command
*cmd
= &cctx
->payload
;
365 sb_aes_crypt(ictx
, (uint8_t *)cmd
,
366 (uint8_t *)&cctx
->c_payload
, sizeof(*cmd
));
367 EVP_DigestUpdate(md_ctx
, &cctx
->c_payload
, sizeof(*cmd
));
370 static int sb_encrypt_image(struct sb_image_ctx
*ictx
)
372 /* Start image-wide crypto. */
373 ictx
->md_ctx
= EVP_MD_CTX_new();
374 EVP_DigestInit(ictx
->md_ctx
, EVP_sha1());
379 sb_aes_init(ictx
, NULL
, 1);
380 sb_encrypt_sb_header(ictx
);
383 * SB sections header.
385 sb_encrypt_sb_sections_header(ictx
);
390 sb_aes_reinit(ictx
, 1);
391 sb_encrypt_key_dictionary_key(ictx
);
396 struct sb_cmd_ctx
*cctx
;
397 struct sb_command
*ccmd
;
398 struct sb_section_ctx
*sctx
= ictx
->sect_head
;
401 cctx
= sctx
->cmd_head
;
403 sb_aes_reinit(ictx
, 1);
406 ccmd
= &cctx
->payload
;
408 sb_encrypt_tag(ictx
, cctx
);
410 if (ccmd
->header
.tag
== ROM_TAG_CMD
) {
411 sb_aes_reinit(ictx
, 1);
412 } else if (ccmd
->header
.tag
== ROM_LOAD_CMD
) {
413 sb_aes_crypt(ictx
, cctx
->data
, cctx
->data
,
415 EVP_DigestUpdate(ictx
->md_ctx
, cctx
->data
,
426 * Dump the SHA1 of the whole image.
428 sb_aes_reinit(ictx
, 1);
430 EVP_DigestFinal(ictx
->md_ctx
, ictx
->digest
, NULL
);
431 EVP_MD_CTX_free(ictx
->md_ctx
);
432 sb_aes_crypt(ictx
, ictx
->digest
, ictx
->digest
, sizeof(ictx
->digest
));
434 /* Stop the encryption session. */
435 sb_aes_deinit(ictx
->cipher_ctx
);
440 static int sb_load_file(struct sb_cmd_ctx
*cctx
, char *filename
)
442 long real_size
, roundup_size
;
449 fprintf(stderr
, "ERR: Missing filename!\n");
453 fp
= fopen(filename
, "r");
457 ret
= fseek(fp
, 0, SEEK_END
);
461 real_size
= ftell(fp
);
465 ret
= fseek(fp
, 0, SEEK_SET
);
469 roundup_size
= roundup(real_size
, SB_BLOCK_SIZE
);
470 data
= calloc(1, roundup_size
);
474 size
= fread(data
, 1, real_size
, fp
);
475 if (size
!= (unsigned long)real_size
)
479 cctx
->length
= roundup_size
;
489 fprintf(stderr
, "ERR: Failed to load file \"%s\"\n", filename
);
493 static uint8_t sb_command_checksum(struct sb_command
*inst
)
495 uint8_t *inst_ptr
= (uint8_t *)inst
;
499 for (i
= 0; i
< sizeof(struct sb_command
); i
++)
505 static int sb_token_to_long(char *tok
, uint32_t *rid
)
510 if (tok
[0] != '0' || tok
[1] != 'x') {
511 fprintf(stderr
, "ERR: Invalid hexadecimal number!\n");
518 id
= strtoul(tok
, &endptr
, 16);
519 if ((errno
== ERANGE
&& id
== ULONG_MAX
) || (errno
!= 0 && id
== 0)) {
520 fprintf(stderr
, "ERR: Value can't be decoded!\n");
524 /* Check for 32-bit overflow. */
525 if (id
> 0xffffffff) {
526 fprintf(stderr
, "ERR: Value too big!\n");
531 fprintf(stderr
, "ERR: Deformed value!\n");
539 static int sb_grow_dcd(struct sb_dcd_ctx
*dctx
, unsigned int inc_size
)
546 dctx
->size
+= inc_size
;
547 tmp
= realloc(dctx
->payload
, dctx
->size
);
553 /* Assemble and update the HAB DCD header. */
554 dctx
->payload
[0] = htonl((SB_HAB_DCD_TAG
<< 24) |
561 static int sb_build_dcd(struct sb_image_ctx
*ictx
, struct sb_cmd_list
*cmd
)
563 struct sb_dcd_ctx
*dctx
;
569 dctx
= calloc(1, sizeof(*dctx
));
573 ret
= sb_grow_dcd(dctx
, 4);
577 /* Read DCD block number. */
578 tok
= strtok(cmd
->cmd
, " ");
580 fprintf(stderr
, "#%i ERR: DCD block without number!\n",
586 /* Parse the DCD block number. */
587 ret
= sb_token_to_long(tok
, &id
);
589 fprintf(stderr
, "#%i ERR: Malformed DCD block number!\n",
597 * The DCD block is now constructed. Append it to the list.
598 * WARNING: The DCD size is still not computed and will be
599 * updated while parsing it's commands.
601 if (!ictx
->dcd_head
) {
602 ictx
->dcd_head
= dctx
;
603 ictx
->dcd_tail
= dctx
;
605 ictx
->dcd_tail
->dcd
= dctx
;
606 ictx
->dcd_tail
= dctx
;
617 static int sb_build_dcd_block(struct sb_image_ctx
*ictx
,
618 struct sb_cmd_list
*cmd
,
622 uint32_t address
, value
, length
;
625 struct sb_dcd_ctx
*dctx
= ictx
->dcd_tail
;
628 if (dctx
->prev_dcd_head
&& (type
!= SB_DCD_NOOP
) &&
629 ((dctx
->prev_dcd_head
[0] & 0xff0000ff) == type
)) {
630 /* Same instruction as before, just append it. */
631 ret
= sb_grow_dcd(dctx
, 8);
634 } else if (type
== SB_DCD_NOOP
) {
635 ret
= sb_grow_dcd(dctx
, 4);
639 /* Update DCD command block pointer. */
640 dctx
->prev_dcd_head
= dctx
->payload
+
641 dctx
->size
/ sizeof(*dctx
->payload
) - 1;
643 /* NOOP has only 4 bytes and no payload. */
647 * Either a different instruction block started now
648 * or this is the first instruction block.
650 ret
= sb_grow_dcd(dctx
, 12);
654 /* Update DCD command block pointer. */
655 dctx
->prev_dcd_head
= dctx
->payload
+
656 dctx
->size
/ sizeof(*dctx
->payload
) - 3;
659 dcd
= dctx
->payload
+ dctx
->size
/ sizeof(*dctx
->payload
) - 2;
662 * Prepare the command.
664 tok
= strtok(cmd
->cmd
, " ");
666 fprintf(stderr
, "#%i ERR: Missing DCD address!\n",
672 /* Read DCD destination address. */
673 ret
= sb_token_to_long(tok
, &address
);
675 fprintf(stderr
, "#%i ERR: Incorrect DCD address!\n",
680 tok
= strtok(NULL
, " ");
682 fprintf(stderr
, "#%i ERR: Missing DCD value!\n",
688 /* Read DCD operation value. */
689 ret
= sb_token_to_long(tok
, &value
);
691 fprintf(stderr
, "#%i ERR: Incorrect DCD value!\n",
696 /* Fill in the new DCD entry. */
697 dcd
[0] = htonl(address
);
698 dcd
[1] = htonl(value
);
701 /* Update the DCD command block. */
702 length
= dctx
->size
-
703 ((dctx
->prev_dcd_head
- dctx
->payload
) *
704 sizeof(*dctx
->payload
));
705 dctx
->prev_dcd_head
[0] = htonl(type
| (length
<< 8));
711 static int sb_build_section(struct sb_image_ctx
*ictx
, struct sb_cmd_list
*cmd
)
713 struct sb_section_ctx
*sctx
;
714 struct sb_sections_header
*shdr
;
716 uint32_t bootable
= 0;
720 sctx
= calloc(1, sizeof(*sctx
));
724 /* Read section number. */
725 tok
= strtok(cmd
->cmd
, " ");
727 fprintf(stderr
, "#%i ERR: Section without number!\n",
733 /* Parse the section number. */
734 ret
= sb_token_to_long(tok
, &id
);
736 fprintf(stderr
, "#%i ERR: Malformed section number!\n",
741 /* Read section's BOOTABLE flag. */
742 tok
= strtok(NULL
, " ");
743 if (tok
&& (strlen(tok
) == 8) && !strncmp(tok
, "BOOTABLE", 8))
744 bootable
= SB_SECTION_FLAG_BOOTABLE
;
746 sctx
->boot
= bootable
;
748 shdr
= &sctx
->payload
;
749 shdr
->section_number
= id
;
750 shdr
->section_flags
= bootable
;
753 * The section is now constructed. Append it to the list.
754 * WARNING: The section size is still not computed and will
755 * be updated while parsing it's commands.
759 /* Mark that this section is bootable one. */
761 if (ictx
->sect_boot_found
) {
763 "#%i WARN: Multiple bootable section!\n",
766 ictx
->sect_boot
= id
;
767 ictx
->sect_boot_found
= 1;
771 if (!ictx
->sect_head
) {
772 ictx
->sect_head
= sctx
;
773 ictx
->sect_tail
= sctx
;
775 ictx
->sect_tail
->sect
= sctx
;
776 ictx
->sect_tail
= sctx
;
786 static int sb_build_command_nop(struct sb_image_ctx
*ictx
)
788 struct sb_section_ctx
*sctx
= ictx
->sect_tail
;
789 struct sb_cmd_ctx
*cctx
;
790 struct sb_command
*ccmd
;
792 cctx
= calloc(1, sizeof(*cctx
));
796 ccmd
= &cctx
->payload
;
799 * Construct the command.
801 ccmd
->header
.checksum
= 0x5a;
802 ccmd
->header
.tag
= ROM_NOP_CMD
;
804 cctx
->size
= sizeof(*ccmd
);
807 * Append the command to the last section.
809 if (!sctx
->cmd_head
) {
810 sctx
->cmd_head
= cctx
;
811 sctx
->cmd_tail
= cctx
;
813 sctx
->cmd_tail
->cmd
= cctx
;
814 sctx
->cmd_tail
= cctx
;
820 static int sb_build_command_tag(struct sb_image_ctx
*ictx
,
821 struct sb_cmd_list
*cmd
)
823 struct sb_section_ctx
*sctx
= ictx
->sect_tail
;
824 struct sb_cmd_ctx
*cctx
;
825 struct sb_command
*ccmd
;
828 cctx
= calloc(1, sizeof(*cctx
));
832 ccmd
= &cctx
->payload
;
835 * Prepare the command.
837 /* Check for the LAST keyword. */
838 tok
= strtok(cmd
->cmd
, " ");
839 if (tok
&& !strcmp(tok
, "LAST"))
840 ccmd
->header
.flags
= ROM_TAG_CMD_FLAG_ROM_LAST_TAG
;
843 * Construct the command.
845 ccmd
->header
.checksum
= 0x5a;
846 ccmd
->header
.tag
= ROM_TAG_CMD
;
848 cctx
->size
= sizeof(*ccmd
);
851 * Append the command to the last section.
853 if (!sctx
->cmd_head
) {
854 sctx
->cmd_head
= cctx
;
855 sctx
->cmd_tail
= cctx
;
857 sctx
->cmd_tail
->cmd
= cctx
;
858 sctx
->cmd_tail
= cctx
;
864 static int sb_build_command_load(struct sb_image_ctx
*ictx
,
865 struct sb_cmd_list
*cmd
)
867 struct sb_section_ctx
*sctx
= ictx
->sect_tail
;
868 struct sb_cmd_ctx
*cctx
;
869 struct sb_command
*ccmd
;
871 int ret
, is_ivt
= 0, is_dcd
= 0;
872 uint32_t dest
, dcd
= 0;
874 cctx
= calloc(1, sizeof(*cctx
));
878 ccmd
= &cctx
->payload
;
881 * Prepare the command.
883 tok
= strtok(cmd
->cmd
, " ");
885 fprintf(stderr
, "#%i ERR: Missing LOAD address or 'IVT'!\n",
891 /* Check for "IVT" flag. */
892 if (!strcmp(tok
, "IVT"))
894 if (!strcmp(tok
, "DCD"))
896 if (is_ivt
|| is_dcd
) {
897 tok
= strtok(NULL
, " ");
899 fprintf(stderr
, "#%i ERR: Missing LOAD address!\n",
906 /* Read load destination address. */
907 ret
= sb_token_to_long(tok
, &dest
);
909 fprintf(stderr
, "#%i ERR: Incorrect LOAD address!\n",
914 /* Read filename or IVT entrypoint or DCD block ID. */
915 tok
= strtok(NULL
, " ");
918 "#%i ERR: Missing LOAD filename or IVT ep or DCD block ID!\n",
926 struct sb_ivt_header
*ivt
;
928 ret
= sb_token_to_long(tok
, &ivtep
);
932 "#%i ERR: Incorrect IVT entry point!\n",
937 ivt
= calloc(1, sizeof(*ivt
));
943 ivt
->header
= sb_hab_ivt_header();
947 cctx
->data
= (uint8_t *)ivt
;
948 cctx
->length
= sizeof(*ivt
);
950 struct sb_dcd_ctx
*dctx
= ictx
->dcd_head
;
954 ret
= sb_token_to_long(tok
, &dcdid
);
958 "#%i ERR: Incorrect DCD block ID!\n",
964 if (dctx
->id
== dcdid
)
970 fprintf(stderr
, "#%i ERR: DCD block %08x not found!\n",
975 asize
= roundup(dctx
->size
, SB_BLOCK_SIZE
);
976 payload
= calloc(1, asize
);
982 memcpy(payload
, dctx
->payload
, dctx
->size
);
984 cctx
->data
= payload
;
985 cctx
->length
= asize
;
987 /* Set the Load DCD flag. */
988 dcd
= ROM_LOAD_CMD_FLAG_DCD_LOAD
;
990 /* Regular LOAD of a file. */
991 ret
= sb_load_file(cctx
, tok
);
993 fprintf(stderr
, "#%i ERR: Cannot load '%s'!\n",
999 if (cctx
->length
& (SB_BLOCK_SIZE
- 1)) {
1000 fprintf(stderr
, "#%i ERR: Unaligned payload!\n",
1005 * Construct the command.
1007 ccmd
->header
.checksum
= 0x5a;
1008 ccmd
->header
.tag
= ROM_LOAD_CMD
;
1009 ccmd
->header
.flags
= dcd
;
1011 ccmd
->load
.address
= dest
;
1012 ccmd
->load
.count
= cctx
->length
;
1013 ccmd
->load
.crc32
= pbl_crc32(0,
1014 (const char *)cctx
->data
,
1017 cctx
->size
= sizeof(*ccmd
) + cctx
->length
;
1020 * Append the command to the last section.
1022 if (!sctx
->cmd_head
) {
1023 sctx
->cmd_head
= cctx
;
1024 sctx
->cmd_tail
= cctx
;
1026 sctx
->cmd_tail
->cmd
= cctx
;
1027 sctx
->cmd_tail
= cctx
;
1037 static int sb_build_command_fill(struct sb_image_ctx
*ictx
,
1038 struct sb_cmd_list
*cmd
)
1040 struct sb_section_ctx
*sctx
= ictx
->sect_tail
;
1041 struct sb_cmd_ctx
*cctx
;
1042 struct sb_command
*ccmd
;
1044 uint32_t address
, pattern
, length
;
1047 cctx
= calloc(1, sizeof(*cctx
));
1051 ccmd
= &cctx
->payload
;
1054 * Prepare the command.
1056 tok
= strtok(cmd
->cmd
, " ");
1058 fprintf(stderr
, "#%i ERR: Missing FILL address!\n",
1064 /* Read fill destination address. */
1065 ret
= sb_token_to_long(tok
, &address
);
1067 fprintf(stderr
, "#%i ERR: Incorrect FILL address!\n",
1072 tok
= strtok(NULL
, " ");
1074 fprintf(stderr
, "#%i ERR: Missing FILL pattern!\n",
1080 /* Read fill pattern address. */
1081 ret
= sb_token_to_long(tok
, &pattern
);
1083 fprintf(stderr
, "#%i ERR: Incorrect FILL pattern!\n",
1088 tok
= strtok(NULL
, " ");
1090 fprintf(stderr
, "#%i ERR: Missing FILL length!\n",
1096 /* Read fill pattern address. */
1097 ret
= sb_token_to_long(tok
, &length
);
1099 fprintf(stderr
, "#%i ERR: Incorrect FILL length!\n",
1105 * Construct the command.
1107 ccmd
->header
.checksum
= 0x5a;
1108 ccmd
->header
.tag
= ROM_FILL_CMD
;
1110 ccmd
->fill
.address
= address
;
1111 ccmd
->fill
.count
= length
;
1112 ccmd
->fill
.pattern
= pattern
;
1114 cctx
->size
= sizeof(*ccmd
);
1117 * Append the command to the last section.
1119 if (!sctx
->cmd_head
) {
1120 sctx
->cmd_head
= cctx
;
1121 sctx
->cmd_tail
= cctx
;
1123 sctx
->cmd_tail
->cmd
= cctx
;
1124 sctx
->cmd_tail
= cctx
;
1134 static int sb_build_command_jump_call(struct sb_image_ctx
*ictx
,
1135 struct sb_cmd_list
*cmd
,
1136 unsigned int is_call
)
1138 struct sb_section_ctx
*sctx
= ictx
->sect_tail
;
1139 struct sb_cmd_ctx
*cctx
;
1140 struct sb_command
*ccmd
;
1142 uint32_t dest
, arg
= 0x0;
1145 const char *cmdname
= is_call
? "CALL" : "JUMP";
1147 cctx
= calloc(1, sizeof(*cctx
));
1151 ccmd
= &cctx
->payload
;
1154 * Prepare the command.
1156 tok
= strtok(cmd
->cmd
, " ");
1159 "#%i ERR: Missing %s address or 'HAB'!\n",
1160 cmd
->lineno
, cmdname
);
1165 /* Check for "HAB" flag. */
1166 if (!strcmp(tok
, "HAB")) {
1167 hab
= is_call
? ROM_CALL_CMD_FLAG_HAB
: ROM_JUMP_CMD_FLAG_HAB
;
1168 tok
= strtok(NULL
, " ");
1170 fprintf(stderr
, "#%i ERR: Missing %s address!\n",
1171 cmd
->lineno
, cmdname
);
1176 /* Read load destination address. */
1177 ret
= sb_token_to_long(tok
, &dest
);
1179 fprintf(stderr
, "#%i ERR: Incorrect %s address!\n",
1180 cmd
->lineno
, cmdname
);
1184 tok
= strtok(NULL
, " ");
1186 ret
= sb_token_to_long(tok
, &arg
);
1189 "#%i ERR: Incorrect %s argument!\n",
1190 cmd
->lineno
, cmdname
);
1196 * Construct the command.
1198 ccmd
->header
.checksum
= 0x5a;
1199 ccmd
->header
.tag
= is_call
? ROM_CALL_CMD
: ROM_JUMP_CMD
;
1200 ccmd
->header
.flags
= hab
;
1202 ccmd
->call
.address
= dest
;
1203 ccmd
->call
.argument
= arg
;
1205 cctx
->size
= sizeof(*ccmd
);
1208 * Append the command to the last section.
1210 if (!sctx
->cmd_head
) {
1211 sctx
->cmd_head
= cctx
;
1212 sctx
->cmd_tail
= cctx
;
1214 sctx
->cmd_tail
->cmd
= cctx
;
1215 sctx
->cmd_tail
= cctx
;
1225 static int sb_build_command_jump(struct sb_image_ctx
*ictx
,
1226 struct sb_cmd_list
*cmd
)
1228 return sb_build_command_jump_call(ictx
, cmd
, 0);
1231 static int sb_build_command_call(struct sb_image_ctx
*ictx
,
1232 struct sb_cmd_list
*cmd
)
1234 return sb_build_command_jump_call(ictx
, cmd
, 1);
1237 static int sb_build_command_mode(struct sb_image_ctx
*ictx
,
1238 struct sb_cmd_list
*cmd
)
1240 struct sb_section_ctx
*sctx
= ictx
->sect_tail
;
1241 struct sb_cmd_ctx
*cctx
;
1242 struct sb_command
*ccmd
;
1246 uint32_t mode
= 0xffffffff;
1248 cctx
= calloc(1, sizeof(*cctx
));
1252 ccmd
= &cctx
->payload
;
1255 * Prepare the command.
1257 tok
= strtok(cmd
->cmd
, " ");
1259 fprintf(stderr
, "#%i ERR: Missing MODE boot mode argument!\n",
1265 for (i
= 0; i
< ARRAY_SIZE(modetable
); i
++) {
1266 if (!strcmp(tok
, modetable
[i
].name
)) {
1267 mode
= modetable
[i
].mode
;
1271 if (!modetable
[i
].altname
)
1274 if (!strcmp(tok
, modetable
[i
].altname
)) {
1275 mode
= modetable
[i
].mode
;
1280 if (mode
== 0xffffffff) {
1281 fprintf(stderr
, "#%i ERR: Invalid MODE boot mode argument!\n",
1288 * Construct the command.
1290 ccmd
->header
.checksum
= 0x5a;
1291 ccmd
->header
.tag
= ROM_MODE_CMD
;
1293 ccmd
->mode
.mode
= mode
;
1295 cctx
->size
= sizeof(*ccmd
);
1298 * Append the command to the last section.
1300 if (!sctx
->cmd_head
) {
1301 sctx
->cmd_head
= cctx
;
1302 sctx
->cmd_tail
= cctx
;
1304 sctx
->cmd_tail
->cmd
= cctx
;
1305 sctx
->cmd_tail
= cctx
;
1315 static int sb_prefill_image_header(struct sb_image_ctx
*ictx
)
1317 struct sb_boot_image_header
*hdr
= &ictx
->payload
;
1319 /* Fill signatures */
1320 memcpy(hdr
->signature1
, "STMP", 4);
1321 memcpy(hdr
->signature2
, "sgtl", 4);
1323 /* SB Image version 1.1 */
1324 hdr
->major_version
= SB_VERSION_MAJOR
;
1325 hdr
->minor_version
= SB_VERSION_MINOR
;
1327 /* Boot image major version */
1328 hdr
->product_version
.major
= htons(0x999);
1329 hdr
->product_version
.minor
= htons(0x999);
1330 hdr
->product_version
.revision
= htons(0x999);
1331 /* Boot image major version */
1332 hdr
->component_version
.major
= htons(0x999);
1333 hdr
->component_version
.minor
= htons(0x999);
1334 hdr
->component_version
.revision
= htons(0x999);
1336 /* Drive tag must be 0x0 for i.MX23 */
1339 hdr
->header_blocks
=
1340 sizeof(struct sb_boot_image_header
) / SB_BLOCK_SIZE
;
1341 hdr
->section_header_size
=
1342 sizeof(struct sb_sections_header
) / SB_BLOCK_SIZE
;
1343 hdr
->timestamp_us
= sb_get_timestamp() * 1000000;
1345 hdr
->flags
= ictx
->display_progress
?
1346 SB_IMAGE_FLAG_DISPLAY_PROGRESS
: 0;
1348 /* FIXME -- We support only default key */
1354 static int sb_postfill_image_header(struct sb_image_ctx
*ictx
)
1356 struct sb_boot_image_header
*hdr
= &ictx
->payload
;
1357 struct sb_section_ctx
*sctx
= ictx
->sect_head
;
1358 uint32_t kd_size
, sections_blocks
;
1361 /* The main SB header size in blocks. */
1362 hdr
->image_blocks
= hdr
->header_blocks
;
1364 /* Size of the key dictionary, which has single zero entry. */
1365 kd_size
= hdr
->key_count
* sizeof(struct sb_key_dictionary_key
);
1366 hdr
->image_blocks
+= kd_size
/ SB_BLOCK_SIZE
;
1368 /* Now count the payloads. */
1369 hdr
->section_count
= ictx
->sect_count
;
1371 hdr
->image_blocks
+= sctx
->size
/ SB_BLOCK_SIZE
;
1375 if (!ictx
->sect_boot_found
) {
1376 fprintf(stderr
, "ERR: No bootable section selected!\n");
1379 hdr
->first_boot_section_id
= ictx
->sect_boot
;
1381 /* The n * SB section size in blocks. */
1382 sections_blocks
= hdr
->section_count
* hdr
->section_header_size
;
1383 hdr
->image_blocks
+= sections_blocks
;
1385 /* Key dictionary offset. */
1386 hdr
->key_dictionary_block
= hdr
->header_blocks
+ sections_blocks
;
1388 /* Digest of the whole image. */
1389 hdr
->image_blocks
+= 2;
1391 /* Pointer past the dictionary. */
1392 hdr
->first_boot_tag_block
=
1393 hdr
->key_dictionary_block
+ kd_size
/ SB_BLOCK_SIZE
;
1395 /* Compute header digest. */
1396 md_ctx
= EVP_MD_CTX_new();
1398 EVP_DigestInit(md_ctx
, EVP_sha1());
1399 EVP_DigestUpdate(md_ctx
, hdr
->signature1
,
1400 sizeof(struct sb_boot_image_header
) -
1401 sizeof(hdr
->digest
));
1402 EVP_DigestFinal(md_ctx
, hdr
->digest
, NULL
);
1403 EVP_MD_CTX_free(md_ctx
);
1408 static int sb_fixup_sections_and_tags(struct sb_image_ctx
*ictx
)
1410 /* Fixup the placement of sections. */
1411 struct sb_boot_image_header
*ihdr
= &ictx
->payload
;
1412 struct sb_section_ctx
*sctx
= ictx
->sect_head
;
1413 struct sb_sections_header
*shdr
;
1414 struct sb_cmd_ctx
*cctx
;
1415 struct sb_command
*ccmd
;
1416 uint32_t offset
= ihdr
->first_boot_tag_block
;
1419 shdr
= &sctx
->payload
;
1421 /* Fill in the section TAG offset. */
1422 shdr
->section_offset
= offset
+ 1;
1423 offset
+= shdr
->section_size
;
1425 /* Section length is measured from the TAG block. */
1426 shdr
->section_size
--;
1428 /* Fixup the TAG command. */
1429 cctx
= sctx
->cmd_head
;
1431 ccmd
= &cctx
->payload
;
1432 if (ccmd
->header
.tag
== ROM_TAG_CMD
) {
1433 ccmd
->tag
.section_number
= shdr
->section_number
;
1434 ccmd
->tag
.section_length
= shdr
->section_size
;
1435 ccmd
->tag
.section_flags
= shdr
->section_flags
;
1438 /* Update the command checksum. */
1439 ccmd
->header
.checksum
= sb_command_checksum(ccmd
);
1450 static int sb_parse_line(struct sb_image_ctx
*ictx
, struct sb_cmd_list
*cmd
)
1453 char *line
= cmd
->cmd
;
1457 /* Analyze the identifier on this line first. */
1458 tok
= strtok_r(line
, " ", &rptr
);
1459 if (!tok
|| (strlen(tok
) == 0)) {
1460 fprintf(stderr
, "#%i ERR: Invalid line!\n", cmd
->lineno
);
1466 /* set DISPLAY_PROGRESS flag */
1467 if (!strcmp(tok
, "DISPLAYPROGRESS")) {
1468 ictx
->display_progress
= 1;
1473 if (!strcmp(tok
, "DCD")) {
1474 ictx
->in_section
= 0;
1476 sb_build_dcd(ictx
, cmd
);
1481 if (!strcmp(tok
, "SECTION")) {
1482 ictx
->in_section
= 1;
1484 sb_build_section(ictx
, cmd
);
1488 if (!ictx
->in_section
&& !ictx
->in_dcd
) {
1489 fprintf(stderr
, "#%i ERR: Data outside of a section!\n",
1494 if (ictx
->in_section
) {
1495 /* Section commands */
1496 if (!strcmp(tok
, "NOP")) {
1497 ret
= sb_build_command_nop(ictx
);
1498 } else if (!strcmp(tok
, "TAG")) {
1499 ret
= sb_build_command_tag(ictx
, cmd
);
1500 } else if (!strcmp(tok
, "LOAD")) {
1501 ret
= sb_build_command_load(ictx
, cmd
);
1502 } else if (!strcmp(tok
, "FILL")) {
1503 ret
= sb_build_command_fill(ictx
, cmd
);
1504 } else if (!strcmp(tok
, "JUMP")) {
1505 ret
= sb_build_command_jump(ictx
, cmd
);
1506 } else if (!strcmp(tok
, "CALL")) {
1507 ret
= sb_build_command_call(ictx
, cmd
);
1508 } else if (!strcmp(tok
, "MODE")) {
1509 ret
= sb_build_command_mode(ictx
, cmd
);
1512 "#%i ERR: Unsupported instruction '%s'!\n",
1516 } else if (ictx
->in_dcd
) {
1518 uint32_t ilen
= '1';
1520 tok
= strtok_r(tok
, ".", &lptr
);
1521 if (!tok
|| (strlen(tok
) == 0) || (lptr
&& strlen(lptr
) != 1)) {
1522 fprintf(stderr
, "#%i ERR: Invalid line!\n",
1528 (lptr
[0] != '1' && lptr
[0] != '2' && lptr
[0] != '4')) {
1529 fprintf(stderr
, "#%i ERR: Invalid instruction width!\n",
1535 ilen
= lptr
[0] - '1';
1538 if (!strcmp(tok
, "WRITE")) {
1539 ret
= sb_build_dcd_block(ictx
, cmd
,
1540 SB_DCD_WRITE
| ilen
);
1541 } else if (!strcmp(tok
, "ANDC")) {
1542 ret
= sb_build_dcd_block(ictx
, cmd
,
1543 SB_DCD_ANDC
| ilen
);
1544 } else if (!strcmp(tok
, "ORR")) {
1545 ret
= sb_build_dcd_block(ictx
, cmd
,
1547 } else if (!strcmp(tok
, "EQZ")) {
1548 ret
= sb_build_dcd_block(ictx
, cmd
,
1549 SB_DCD_CHK_EQZ
| ilen
);
1550 } else if (!strcmp(tok
, "EQ")) {
1551 ret
= sb_build_dcd_block(ictx
, cmd
,
1552 SB_DCD_CHK_EQ
| ilen
);
1553 } else if (!strcmp(tok
, "NEQ")) {
1554 ret
= sb_build_dcd_block(ictx
, cmd
,
1555 SB_DCD_CHK_NEQ
| ilen
);
1556 } else if (!strcmp(tok
, "NEZ")) {
1557 ret
= sb_build_dcd_block(ictx
, cmd
,
1558 SB_DCD_CHK_NEZ
| ilen
);
1559 } else if (!strcmp(tok
, "NOOP")) {
1560 ret
= sb_build_dcd_block(ictx
, cmd
, SB_DCD_NOOP
);
1563 "#%i ERR: Unsupported instruction '%s'!\n",
1568 fprintf(stderr
, "#%i ERR: Unsupported instruction '%s'!\n",
1574 * Here we have at least one section with one command, otherwise we
1575 * would have failed already higher above.
1577 * FIXME -- should the updating happen here ?
1579 if (ictx
->in_section
&& !ret
) {
1580 ictx
->sect_tail
->size
+= ictx
->sect_tail
->cmd_tail
->size
;
1581 ictx
->sect_tail
->payload
.section_size
=
1582 ictx
->sect_tail
->size
/ SB_BLOCK_SIZE
;
1588 static int sb_load_cmdfile(struct sb_image_ctx
*ictx
)
1590 struct sb_cmd_list cmd
;
1597 fp
= fopen(ictx
->cfg_filename
, "r");
1599 fprintf(stderr
, "ERR: Failed to load file \"%s\": \"%s\"\n",
1600 ictx
->cfg_filename
, strerror(errno
));
1604 while ((rlen
= getline(&line
, &len
, fp
)) > 0) {
1605 memset(&cmd
, 0, sizeof(cmd
));
1607 /* Strip the trailing newline. */
1608 line
[rlen
- 1] = '\0';
1612 cmd
.lineno
= lineno
++;
1614 sb_parse_line(ictx
, &cmd
);
1624 static int sb_build_tree_from_cfg(struct sb_image_ctx
*ictx
)
1628 ret
= sb_load_cmdfile(ictx
);
1632 ret
= sb_prefill_image_header(ictx
);
1636 ret
= sb_postfill_image_header(ictx
);
1640 ret
= sb_fixup_sections_and_tags(ictx
);
1647 static int sb_verify_image_header(struct sb_image_ctx
*ictx
,
1648 FILE *fp
, long fsize
)
1650 /* Verify static fields in the image header. */
1651 struct sb_boot_image_header
*hdr
= &ictx
->payload
;
1652 const char *stat
[2] = { "[PASS]", "[FAIL]" };
1655 unsigned char digest
[20];
1659 /* Start image-wide crypto. */
1660 ictx
->md_ctx
= EVP_MD_CTX_new();
1661 EVP_DigestInit(ictx
->md_ctx
, EVP_sha1());
1663 soprintf(ictx
, "---------- Verifying SB Image Header ----------\n");
1665 size
= fread(&ictx
->payload
, 1, sizeof(ictx
->payload
), fp
);
1666 if (size
!= sizeof(ictx
->payload
)) {
1667 fprintf(stderr
, "ERR: SB image header too short!\n");
1671 /* Compute header digest. */
1672 md_ctx
= EVP_MD_CTX_new();
1673 EVP_DigestInit(md_ctx
, EVP_sha1());
1674 EVP_DigestUpdate(md_ctx
, hdr
->signature1
,
1675 sizeof(struct sb_boot_image_header
) -
1676 sizeof(hdr
->digest
));
1677 EVP_DigestFinal(md_ctx
, digest
, NULL
);
1678 EVP_MD_CTX_free(md_ctx
);
1680 sb_aes_init(ictx
, NULL
, 1);
1681 sb_encrypt_sb_header(ictx
);
1683 if (memcmp(digest
, hdr
->digest
, 20))
1685 soprintf(ictx
, "%s Image header checksum: %s\n", stat
[!!ret
],
1686 ret
? "BAD" : "OK");
1690 if (memcmp(hdr
->signature1
, "STMP", 4) ||
1691 memcmp(hdr
->signature2
, "sgtl", 4))
1693 soprintf(ictx
, "%s Signatures: '%.4s' '%.4s'\n",
1694 stat
[!!ret
], hdr
->signature1
, hdr
->signature2
);
1698 if ((hdr
->major_version
!= SB_VERSION_MAJOR
) ||
1699 ((hdr
->minor_version
!= 1) && (hdr
->minor_version
!= 2)))
1701 soprintf(ictx
, "%s Image version: v%i.%i\n", stat
[!!ret
],
1702 hdr
->major_version
, hdr
->minor_version
);
1706 ret
= sb_get_time(hdr
->timestamp_us
/ 1000000, &tm
);
1708 "%s Creation time: %02i:%02i:%02i %02i/%02i/%04i\n",
1709 stat
[!!ret
], tm
.tm_hour
, tm
.tm_min
, tm
.tm_sec
,
1710 tm
.tm_mday
, tm
.tm_mon
, tm
.tm_year
+ 2000);
1714 soprintf(ictx
, "%s Product version: %x.%x.%x\n", stat
[0],
1715 ntohs(hdr
->product_version
.major
),
1716 ntohs(hdr
->product_version
.minor
),
1717 ntohs(hdr
->product_version
.revision
));
1718 soprintf(ictx
, "%s Component version: %x.%x.%x\n", stat
[0],
1719 ntohs(hdr
->component_version
.major
),
1720 ntohs(hdr
->component_version
.minor
),
1721 ntohs(hdr
->component_version
.revision
));
1723 if (hdr
->flags
& ~SB_IMAGE_FLAGS_MASK
)
1725 soprintf(ictx
, "%s Image flags: %s\n", stat
[!!ret
],
1726 hdr
->flags
& SB_IMAGE_FLAG_DISPLAY_PROGRESS
?
1727 "Display_progress" : "");
1731 if (hdr
->drive_tag
!= 0)
1733 soprintf(ictx
, "%s Drive tag: %i\n", stat
[!!ret
],
1738 sz
= sizeof(struct sb_boot_image_header
) / SB_BLOCK_SIZE
;
1739 if (hdr
->header_blocks
!= sz
)
1741 soprintf(ictx
, "%s Image header size (blocks): %i\n", stat
[!!ret
],
1742 hdr
->header_blocks
);
1746 sz
= sizeof(struct sb_sections_header
) / SB_BLOCK_SIZE
;
1747 if (hdr
->section_header_size
!= sz
)
1749 soprintf(ictx
, "%s Section header size (blocks): %i\n", stat
[!!ret
],
1750 hdr
->section_header_size
);
1754 soprintf(ictx
, "%s Sections count: %i\n", stat
[!!ret
],
1755 hdr
->section_count
);
1756 soprintf(ictx
, "%s First bootable section %i\n", stat
[!!ret
],
1757 hdr
->first_boot_section_id
);
1759 if (hdr
->image_blocks
!= fsize
/ SB_BLOCK_SIZE
)
1761 soprintf(ictx
, "%s Image size (blocks): %i\n", stat
[!!ret
],
1766 sz
= hdr
->header_blocks
+ hdr
->section_header_size
* hdr
->section_count
;
1767 if (hdr
->key_dictionary_block
!= sz
)
1769 soprintf(ictx
, "%s Key dict offset (blocks): %i\n", stat
[!!ret
],
1770 hdr
->key_dictionary_block
);
1774 if (hdr
->key_count
!= 1)
1776 soprintf(ictx
, "%s Number of encryption keys: %i\n", stat
[!!ret
],
1781 sz
= hdr
->header_blocks
+ hdr
->section_header_size
* hdr
->section_count
;
1782 sz
+= hdr
->key_count
*
1783 sizeof(struct sb_key_dictionary_key
) / SB_BLOCK_SIZE
;
1784 if (hdr
->first_boot_tag_block
!= (unsigned)sz
)
1786 soprintf(ictx
, "%s First TAG block (blocks): %i\n", stat
[!!ret
],
1787 hdr
->first_boot_tag_block
);
1794 static void sb_decrypt_tag(struct sb_image_ctx
*ictx
,
1795 struct sb_cmd_ctx
*cctx
)
1797 EVP_MD_CTX
*md_ctx
= ictx
->md_ctx
;
1798 struct sb_command
*cmd
= &cctx
->payload
;
1800 sb_aes_crypt(ictx
, (uint8_t *)&cctx
->c_payload
,
1801 (uint8_t *)&cctx
->payload
, sizeof(*cmd
));
1802 EVP_DigestUpdate(md_ctx
, &cctx
->c_payload
, sizeof(*cmd
));
1805 static int sb_verify_command(struct sb_image_ctx
*ictx
,
1806 struct sb_cmd_ctx
*cctx
, FILE *fp
,
1807 unsigned long *tsize
)
1809 struct sb_command
*ccmd
= &cctx
->payload
;
1810 unsigned long size
, asize
;
1811 char *csum
, *flag
= "";
1814 uint8_t csn
, csc
= ccmd
->header
.checksum
;
1815 ccmd
->header
.checksum
= 0x5a;
1816 csn
= sb_command_checksum(ccmd
);
1817 ccmd
->header
.checksum
= csc
;
1823 csum
= ret
? "checksum BAD" : "checksum OK";
1825 switch (ccmd
->header
.tag
) {
1827 soprintf(ictx
, " NOOP # %s\n", csum
);
1830 if (ccmd
->header
.flags
& ROM_TAG_CMD_FLAG_ROM_LAST_TAG
)
1832 soprintf(ictx
, " TAG %s # %s\n", flag
, csum
);
1833 sb_aes_reinit(ictx
, 0);
1836 soprintf(ictx
, " LOAD addr=0x%08x length=0x%08x # %s\n",
1837 ccmd
->load
.address
, ccmd
->load
.count
, csum
);
1839 cctx
->length
= ccmd
->load
.count
;
1840 asize
= roundup(cctx
->length
, SB_BLOCK_SIZE
);
1841 cctx
->data
= malloc(asize
);
1845 size
= fread(cctx
->data
, 1, asize
, fp
);
1846 if (size
!= asize
) {
1848 "ERR: SB LOAD command payload too short!\n");
1854 EVP_DigestUpdate(ictx
->md_ctx
, cctx
->data
, asize
);
1855 sb_aes_crypt(ictx
, cctx
->data
, cctx
->data
, asize
);
1857 if (ccmd
->load
.crc32
!= pbl_crc32(0,
1858 (const char *)cctx
->data
,
1861 "ERR: SB LOAD command payload CRC32 invalid!\n");
1867 " FILL addr=0x%08x length=0x%08x pattern=0x%08x # %s\n",
1868 ccmd
->fill
.address
, ccmd
->fill
.count
,
1869 ccmd
->fill
.pattern
, csum
);
1872 if (ccmd
->header
.flags
& ROM_JUMP_CMD_FLAG_HAB
)
1875 " JUMP%s addr=0x%08x r0_arg=0x%08x # %s\n",
1876 flag
, ccmd
->fill
.address
, ccmd
->jump
.argument
, csum
);
1879 if (ccmd
->header
.flags
& ROM_CALL_CMD_FLAG_HAB
)
1882 " CALL%s addr=0x%08x r0_arg=0x%08x # %s\n",
1883 flag
, ccmd
->fill
.address
, ccmd
->jump
.argument
, csum
);
1886 for (i
= 0; i
< ARRAY_SIZE(modetable
); i
++) {
1887 if (ccmd
->mode
.mode
== modetable
[i
].mode
) {
1888 soprintf(ictx
, " MODE %s # %s\n",
1889 modetable
[i
].name
, csum
);
1893 fprintf(stderr
, " MODE !INVALID! # %s\n", csum
);
1900 static int sb_verify_commands(struct sb_image_ctx
*ictx
,
1901 struct sb_section_ctx
*sctx
, FILE *fp
)
1903 unsigned long size
, tsize
= 0;
1904 struct sb_cmd_ctx
*cctx
;
1907 sb_aes_reinit(ictx
, 0);
1909 while (tsize
< sctx
->size
) {
1910 cctx
= calloc(1, sizeof(*cctx
));
1913 if (!sctx
->cmd_head
) {
1914 sctx
->cmd_head
= cctx
;
1915 sctx
->cmd_tail
= cctx
;
1917 sctx
->cmd_tail
->cmd
= cctx
;
1918 sctx
->cmd_tail
= cctx
;
1921 size
= fread(&cctx
->c_payload
, 1, sizeof(cctx
->c_payload
), fp
);
1922 if (size
!= sizeof(cctx
->c_payload
)) {
1923 fprintf(stderr
, "ERR: SB command header too short!\n");
1929 sb_decrypt_tag(ictx
, cctx
);
1931 ret
= sb_verify_command(ictx
, cctx
, fp
, &tsize
);
1939 static int sb_verify_sections_cmds(struct sb_image_ctx
*ictx
, FILE *fp
)
1941 struct sb_boot_image_header
*hdr
= &ictx
->payload
;
1942 struct sb_sections_header
*shdr
;
1945 struct sb_section_ctx
*sctx
;
1947 char *bootable
= "";
1949 soprintf(ictx
, "----- Verifying SB Sections and Commands -----\n");
1951 for (i
= 0; i
< hdr
->section_count
; i
++) {
1952 sctx
= calloc(1, sizeof(*sctx
));
1955 if (!ictx
->sect_head
) {
1956 ictx
->sect_head
= sctx
;
1957 ictx
->sect_tail
= sctx
;
1959 ictx
->sect_tail
->sect
= sctx
;
1960 ictx
->sect_tail
= sctx
;
1963 size
= fread(&sctx
->payload
, 1, sizeof(sctx
->payload
), fp
);
1964 if (size
!= sizeof(sctx
->payload
)) {
1965 fprintf(stderr
, "ERR: SB section header too short!\n");
1970 size
= fread(&ictx
->sb_dict_key
, 1, sizeof(ictx
->sb_dict_key
), fp
);
1971 if (size
!= sizeof(ictx
->sb_dict_key
)) {
1972 fprintf(stderr
, "ERR: SB key dictionary too short!\n");
1976 sb_encrypt_sb_sections_header(ictx
);
1977 sb_aes_reinit(ictx
, 0);
1978 sb_decrypt_key_dictionary_key(ictx
);
1980 sb_aes_reinit(ictx
, 0);
1982 sctx
= ictx
->sect_head
;
1984 shdr
= &sctx
->payload
;
1986 if (shdr
->section_flags
& SB_SECTION_FLAG_BOOTABLE
) {
1988 bootable
= " BOOTABLE";
1991 sctx
->size
= (shdr
->section_size
* SB_BLOCK_SIZE
) +
1992 sizeof(struct sb_command
);
1993 soprintf(ictx
, "SECTION 0x%x%s # size = %i bytes\n",
1994 shdr
->section_number
, bootable
, sctx
->size
);
1996 if (shdr
->section_flags
& ~SB_SECTION_FLAG_BOOTABLE
)
1997 fprintf(stderr
, " WARN: Unknown section flag(s) %08x\n",
1998 shdr
->section_flags
);
2000 if ((shdr
->section_flags
& SB_SECTION_FLAG_BOOTABLE
) &&
2001 (hdr
->first_boot_section_id
!= shdr
->section_number
)) {
2003 " WARN: Bootable section does ID not match image header ID!\n");
2006 ret
= sb_verify_commands(ictx
, sctx
, fp
);
2015 * check if the first TAG command is at sctx->section_offset
2020 static int sb_verify_image_end(struct sb_image_ctx
*ictx
,
2021 FILE *fp
, off_t filesz
)
2028 soprintf(ictx
, "------------- Verifying image end -------------\n");
2030 size
= fread(digest
, 1, sizeof(digest
), fp
);
2031 if (size
!= sizeof(digest
)) {
2032 fprintf(stderr
, "ERR: SB key dictionary too short!\n");
2037 if (pos
!= filesz
) {
2038 fprintf(stderr
, "ERR: Trailing data past the image!\n");
2042 /* Check the image digest. */
2043 EVP_DigestFinal(ictx
->md_ctx
, ictx
->digest
, NULL
);
2044 EVP_MD_CTX_free(ictx
->md_ctx
);
2046 /* Decrypt the image digest from the input image. */
2047 sb_aes_reinit(ictx
, 0);
2048 sb_aes_crypt(ictx
, digest
, digest
, sizeof(digest
));
2050 /* Check all of 20 bytes of the SHA1 hash. */
2051 ret
= memcmp(digest
, ictx
->digest
, 20) ? -EINVAL
: 0;
2054 soprintf(ictx
, "[FAIL] Full-image checksum: BAD\n");
2056 soprintf(ictx
, "[PASS] Full-image checksum: OK\n");
2062 static int sb_build_tree_from_img(struct sb_image_ctx
*ictx
)
2068 if (!ictx
->input_filename
) {
2069 fprintf(stderr
, "ERR: Missing filename!\n");
2073 fp
= fopen(ictx
->input_filename
, "r");
2077 ret
= fseek(fp
, 0, SEEK_END
);
2081 filesize
= ftell(fp
);
2085 ret
= fseek(fp
, 0, SEEK_SET
);
2089 if (filesize
< (signed)sizeof(ictx
->payload
)) {
2090 fprintf(stderr
, "ERR: File too short!\n");
2094 if (filesize
& (SB_BLOCK_SIZE
- 1)) {
2095 fprintf(stderr
, "ERR: The file is not aligned!\n");
2099 /* Load and verify image header */
2100 ret
= sb_verify_image_header(ictx
, fp
, filesize
);
2104 /* Load and verify sections and commands */
2105 ret
= sb_verify_sections_cmds(ictx
, fp
);
2109 ret
= sb_verify_image_end(ictx
, fp
, filesize
);
2116 soprintf(ictx
, "-------------------- Result -------------------\n");
2117 soprintf(ictx
, "Verification %s\n", ret
? "FAILED" : "PASSED");
2119 /* Stop the encryption session. */
2120 sb_aes_deinit(ictx
->cipher_ctx
);
2128 fprintf(stderr
, "ERR: Failed to load file \"%s\"\n",
2129 ictx
->input_filename
);
2133 static void sb_free_image(struct sb_image_ctx
*ictx
)
2135 struct sb_section_ctx
*sctx
= ictx
->sect_head
, *s_head
;
2136 struct sb_dcd_ctx
*dctx
= ictx
->dcd_head
, *d_head
;
2137 struct sb_cmd_ctx
*cctx
, *c_head
;
2141 c_head
= sctx
->cmd_head
;
2145 c_head
= c_head
->cmd
;
2158 free(d_head
->payload
);
2164 * MXSSB-MKIMAGE glue code.
2166 static int mxsimage_check_image_types(uint8_t type
)
2168 if (type
== IH_TYPE_MXSIMAGE
)
2169 return EXIT_SUCCESS
;
2171 return EXIT_FAILURE
;
2174 static void mxsimage_set_header(void *ptr
, struct stat
*sbuf
, int ifd
,
2175 struct image_tool_params
*params
)
2179 int mxsimage_check_params(struct image_tool_params
*params
)
2183 if (!strlen(params
->imagename
)) {
2185 "Error: %s - Configuration file not specified, it is needed for mxsimage generation\n",
2192 * XIP is not allowed and verify that incompatible
2193 * parameters are not sent at the same time
2194 * For example, if list is required a data image must not be provided
2196 return (params
->dflag
&& (params
->fflag
|| params
->lflag
)) ||
2197 (params
->fflag
&& (params
->dflag
|| params
->lflag
)) ||
2198 (params
->lflag
&& (params
->dflag
|| params
->fflag
)) ||
2199 (params
->xflag
) || !(strlen(params
->imagename
));
2202 static int mxsimage_verify_print_header(char *file
, int silent
)
2205 struct sb_image_ctx ctx
;
2207 memset(&ctx
, 0, sizeof(ctx
));
2209 ctx
.input_filename
= file
;
2210 ctx
.silent_dump
= silent
;
2212 ret
= sb_build_tree_from_img(&ctx
);
2213 sb_free_image(&ctx
);
2219 static int mxsimage_verify_header(unsigned char *ptr
, int image_size
,
2220 struct image_tool_params
*params
)
2222 struct sb_boot_image_header
*hdr
;
2227 hdr
= (struct sb_boot_image_header
*)ptr
;
2230 * Check if the header contains the MXS image signatures,
2231 * if so, do a full-image verification.
2233 if (memcmp(hdr
->signature1
, "STMP", 4) ||
2234 memcmp(hdr
->signature2
, "sgtl", 4))
2237 imagefile
= params
->imagefile
;
2239 return mxsimage_verify_print_header(params
->imagefile
, 1);
2242 static void mxsimage_print_header(const void *hdr
, struct image_tool_params
*params
)
2245 mxsimage_verify_print_header(imagefile
, 0);
2248 static int sb_build_image(struct sb_image_ctx
*ictx
,
2249 struct image_type_params
*tparams
)
2251 struct sb_boot_image_header
*sb_header
= &ictx
->payload
;
2252 struct sb_section_ctx
*sctx
;
2253 struct sb_cmd_ctx
*cctx
;
2254 struct sb_command
*ccmd
;
2255 struct sb_key_dictionary_key
*sb_dict_key
= &ictx
->sb_dict_key
;
2257 uint8_t *image
, *iptr
;
2259 /* Calculate image size. */
2260 uint32_t size
= sizeof(*sb_header
) +
2261 ictx
->sect_count
* sizeof(struct sb_sections_header
) +
2262 sizeof(*sb_dict_key
) + sizeof(ictx
->digest
);
2264 sctx
= ictx
->sect_head
;
2270 image
= malloc(size
);
2275 memcpy(iptr
, sb_header
, sizeof(*sb_header
));
2276 iptr
+= sizeof(*sb_header
);
2278 sctx
= ictx
->sect_head
;
2280 memcpy(iptr
, &sctx
->payload
, sizeof(struct sb_sections_header
));
2281 iptr
+= sizeof(struct sb_sections_header
);
2285 memcpy(iptr
, sb_dict_key
, sizeof(*sb_dict_key
));
2286 iptr
+= sizeof(*sb_dict_key
);
2288 sctx
= ictx
->sect_head
;
2290 cctx
= sctx
->cmd_head
;
2292 ccmd
= &cctx
->payload
;
2294 memcpy(iptr
, &cctx
->c_payload
, sizeof(cctx
->payload
));
2295 iptr
+= sizeof(cctx
->payload
);
2297 if (ccmd
->header
.tag
== ROM_LOAD_CMD
) {
2298 memcpy(iptr
, cctx
->data
, cctx
->length
);
2299 iptr
+= cctx
->length
;
2308 memcpy(iptr
, ictx
->digest
, sizeof(ictx
->digest
));
2309 iptr
+= sizeof(ictx
->digest
);
2311 /* Configure the mkimage */
2312 tparams
->hdr
= image
;
2313 tparams
->header_size
= size
;
2318 static int mxsimage_generate(struct image_tool_params
*params
,
2319 struct image_type_params
*tparams
)
2322 struct sb_image_ctx ctx
;
2324 /* Do not copy the U-Boot image! */
2325 params
->skipcpy
= 1;
2327 memset(&ctx
, 0, sizeof(ctx
));
2329 ctx
.cfg_filename
= params
->imagename
;
2330 ctx
.output_filename
= params
->imagefile
;
2332 ret
= sb_build_tree_from_cfg(&ctx
);
2336 ret
= sb_encrypt_image(&ctx
);
2338 ret
= sb_build_image(&ctx
, tparams
);
2341 sb_free_image(&ctx
);
2347 * mxsimage parameters
2351 "Freescale MXS Boot Image support",
2354 mxsimage_check_params
,
2355 mxsimage_verify_header
,
2356 mxsimage_print_header
,
2357 mxsimage_set_header
,
2359 mxsimage_check_image_types
,