it is possible to set breakpoints on particular lines, single-step
debug through the source code, etc.
-endif
+endif # EXPERT
config PHYS_64BIT
bool "64bit physical address support"
config FIT
bool "Support Flattened Image Tree"
help
- This option allows to boot the new uImage structrure,
+ This option allows you to boot the new uImage structure,
Flattened Image Tree. FIT is formally a FDT, which can include
images of various types (kernel, FDT blob, ramdisk, etc.)
in a single blob. To boot this new uImage structure,
pass the address of the blob to the "bootm" command.
FIT is very flexible, supporting compression, multiple images,
multiple configurations, verification through hashing and also
- verified boot (secure boot using RSA). This option enables that
- feature.
+ verified boot (secure boot using RSA).
-config SPL_FIT
- bool "Support Flattened Image Tree within SPL"
- depends on FIT
- depends on SPL
-
-config FIT_VERBOSE
- bool "Display verbose messages on FIT boot"
- depends on FIT
+if FIT
config FIT_SIGNATURE
bool "Enable signature verification of FIT uImages"
- depends on FIT
depends on DM
select RSA
help
This option enables signature verification of FIT uImages,
using a hash signed and verified using RSA. If
CONFIG_SHA_PROG_HW_ACCEL is defined, i.e support for progressive
- hashing is available using hardware, then then RSA library will use
+ hashing is available using hardware, then the RSA library will use
it. See doc/uImage.FIT/signature.txt for more details.
WARNING: When relying on signed FIT images with a required signature
format support in this case, enable it using
CONFIG_IMAGE_FORMAT_LEGACY.
-config SPL_FIT_SIGNATURE
- bool "Enable signature verification of FIT firmware within SPL"
- depends on SPL_FIT
- depends on SPL_DM
- select SPL_RSA
+config FIT_VERBOSE
+ bool "Show verbose messages when FIT images fail"
+ help
+ Generally a system will have valid FIT images so debug messages
+ are a waste of code space. If you are debugging your images then
+ you can enable this option to get more verbose information about
+ failures.
config FIT_BEST_MATCH
bool "Select the best match for the kernel device tree"
- depends on FIT
help
When no configuration is explicitly selected, default to the
one whose fdt's compatibility field best matches that of
most specific compatibility entry of U-Boot's fdt's root node.
The order of entries in the configuration's fdt is ignored.
-config FIT_VERBOSE
- bool "Show verbose messages when FIT images fails"
- depends on FIT
+config FIT_IMAGE_POST_PROCESS
+ bool "Enable post-processing of FIT artifacts after loading by U-Boot"
+ depends on TI_SECURE_DEVICE
help
- Generally a system will have valid FIT images so debug messages
- are a waste of code space. If you are debugging your images then
- you can enable this option to get more verbose information about
- failures.
+ Allows doing any sort of manipulation to blobs after they got extracted
+ from FIT images like stripping off headers or modifying the size of the
+ blob, verification, authentication, decryption etc. in a platform or
+ board specific way. In order to use this feature a platform or board-
+ specific implementation of board_fit_image_post_process() must be
+ provided. Also, anything done during this post-processing step would
+ need to be comprehended in how the images were prepared before being
+ injected into the FIT creation (i.e. the blobs would have been pre-
+ processed before being added to the FIT image).
+
+config SPL_FIT
+ bool "Support Flattened Image Tree within SPL"
+ depends on SPL
+
+config SPL_FIT_SIGNATURE
+ bool "Enable signature verification of FIT firmware within SPL"
+ depends on SPL_FIT
+ depends on SPL_DM
+ select SPL_RSA
+
+config SPL_LOAD_FIT
+ bool "Enable SPL loading U-Boot as a FIT"
+ help
+ Normally with the SPL framework a legacy image is generated as part
+ of the build. This contains U-Boot along with information as to
+ where it should be loaded. This option instead enables generation
+ of a FIT (Flat Image Tree) which provides more flexibility. In
+ particular it can handle selecting from multiple device tree
+ and passing the correct one to U-Boot.
+
+config SPL_FIT_IMAGE_POST_PROCESS
+ bool "Enable post-processing of FIT artifacts after loading by the SPL"
+ depends on SPL_LOAD_FIT && TI_SECURE_DEVICE
+ help
+ Allows doing any sort of manipulation to blobs after they got extracted
+ from the U-Boot FIT image like stripping off headers or modifying the
+ size of the blob, verification, authentication, decryption etc. in a
+ platform or board specific way. In order to use this feature a platform
+ or board-specific implementation of board_fit_image_post_process() must
+ be provided. Also, anything done during this post-processing step would
+ need to be comprehended in how the images were prepared before being
+ injected into the FIT creation (i.e. the blobs would have been pre-
+ processed before being added to the FIT image).
+
+endif # FIT
config OF_BOARD_SETUP
bool "Set up board-specific details in device tree before boot"
help
TODO: Move CONFIG_SYS_TEXT_BASE for all the architecture
-config SPL_LOAD_FIT
- bool "Enable SPL loading U-Boot as a FIT"
- depends on FIT
- help
- Normally with the SPL framework a legacy image is generated as part
- of the build. This contains U-Boot along with information as to
- where it should be loaded. This option instead enables generation
- of a FIT (Flat Image Tree) which provides more flexibility. In
- particular it can handle selecting from multiple device tree
- and passing the correct one to U-Boot.
-
-config SPL_FIT_IMAGE_POST_PROCESS
- bool "Enable post-processing of FIT artifacts after loading by the SPL"
- depends on SPL_LOAD_FIT && TI_SECURE_DEVICE
- help
- Allows doing any sort of manipulation to blobs after they got extracted
- from the U-Boot FIT image like stripping off headers or modifying the
- size of the blob, verification, authentication, decryption etc. in a
- platform or board specific way. In order to use this feature a platform
- or board-specific implementation of board_fit_image_post_process() must
- be provided. Also, anything done during this post-processing step would
- need to be comprehended in how the images were prepared before being
- injected into the FIT creation (i.e. the blobs would have been pre-
- processed before being added to the FIT image).
-
-config FIT_IMAGE_POST_PROCESS
- bool "Enable post-processing of FIT artifacts after loading by U-Boot"
- depends on FIT && TI_SECURE_DEVICE
- help
- Allows doing any sort of manipulation to blobs after they got extracted
- from FIT images like stripping off headers or modifying the size of the
- blob, verification, authentication, decryption etc. in a platform or
- board specific way. In order to use this feature a platform or board-
- specific implementation of board_fit_image_post_process() must be
- provided. Also, anything done during this post-processing step would
- need to be comprehended in how the images were prepared before being
- injected into the FIT creation (i.e. the blobs would have been pre-
- processed before being added to the FIT image).
config SYS_CLK_FREQ
depends on ARC || ARCH_SUNXI
F: drivers/spmi/
F: include/spmi/
+TI SYSTEM SECURITY
+M: Andrew F. Davis <afd@ti.com>
+S: Supported
+F: arch/arm/mach-omap2/omap5/sec_entry_cpu1.S
+F: arch/arm/mach-omap2/omap5/sec-fxns.c
+F: arch/arm/mach-omap2/sec-common.c
+F: arch/arm/mach-omap2/config_secure.mk
+F: configs/am43xx_hs_evm_defconfig
+F: configs/am57xx_hs_evm_defconfig
+F: configs/dra7xx_hs_evm_defconfig
+
TQ GROUP
#M: Martin Krause <martin.krause@tq-systems.de>
S: Orphaned (Since 2016-02)
/* Processor specific initialization */
bl lowlevel_init
-#if CONFIG_IS_ENABLED(ARMV8_SPIN_TABLE)
+#if defined(CONFIG_ARMV8_SPIN_TABLE) && !defined(CONFIG_SPL_BUILD)
branch_if_master x0, x1, master_cpu
b spin_table_secondary_jump
/* never return */
/* Boot config */
struct davinci_syscfg_regs {
dv_reg revid;
- dv_reg rsvd[13];
+ dv_reg rsvd[7];
+ dv_reg bootcfg;
+ dv_reg chiprevidr;
+ dv_reg rsvd2[4];
dv_reg kick0;
dv_reg kick1;
dv_reg rsvd1[52];
dv_reg mstpri[3];
- dv_reg rsvd2;
+ dv_reg rsvd3;
dv_reg pinmux[20];
dv_reg suspsrc;
dv_reg chipsig;
#define davinci_syscfg_regs \
((struct davinci_syscfg_regs *)DAVINCI_BOOTCFG_BASE)
+enum {
+ DAVINCI_NAND8_BOOT = 0b001110,
+ DAVINCI_NAND16_BOOT = 0b010000,
+ DAVINCI_SD_OR_MMC_BOOT = 0b011100,
+ DAVINCI_MMC_ONLY_BOOT = 0b111100,
+ DAVINCI_SPI0_FLASH_BOOT = 0b001010,
+ DAVINCI_SPI1_FLASH_BOOT = 0b001100,
+};
+
#define pinmux(x) (&davinci_syscfg_regs->pinmux[x])
/* Emulation suspend bits */
u32 spl_boot_device(void)
{
-#ifdef CONFIG_SPL_NAND_SIMPLE
- return BOOT_DEVICE_NAND;
-#elif defined(CONFIG_SPL_SPI_LOAD)
- return BOOT_DEVICE_SPI;
-#elif defined(CONFIG_SPL_MMC_LOAD)
- return BOOT_DEVICE_MMC1;
-#else
- puts("Unknown boot device\n");
- hang();
+ switch (davinci_syscfg_regs->bootcfg) {
+#ifdef CONFIG_SPL_NAND_SUPPORT
+ case DAVINCI_NAND8_BOOT:
+ case DAVINCI_NAND16_BOOT:
+ return BOOT_DEVICE_NAND;
#endif
+
+#ifdef CONFIG_SPL_MMC_SUPPORT
+ case DAVINCI_SD_OR_MMC_BOOT:
+ case DAVINCI_MMC_ONLY_BOOT:
+ return BOOT_DEVICE_MMC1;
+#endif
+
+#ifdef CONFIG_SPL_SPI_FLASH_SUPPORT
+ case DAVINCI_SPI0_FLASH_BOOT:
+ case DAVINCI_SPI1_FLASH_BOOT:
+ return BOOT_DEVICE_SPI;
+#endif
+
+ default:
+ puts("Unknown boot device\n");
+ hang();
+ }
}
#include <spl.h>
/* Index for signature verify ROM API */
+#ifdef CONFIG_AM33XX
+#define API_HAL_KM_VERIFYCERTIFICATESIGNATURE_INDEX (0x0000000C)
+#else
#define API_HAL_KM_VERIFYCERTIFICATESIGNATURE_INDEX (0x0000000E)
+#endif
static uint32_t secure_rom_call_args[5] __aligned(ARCH_DMA_MINALIGN);
F: configs/igep0020_defconfig
F: configs/igep0030_defconfig
F: configs/igep0032_defconfig
-
-IGEP0020_NAND BOARD
-#M: -
-S: Maintained
-F: configs/igep0020_nand_defconfig
-F: configs/igep0030_nand_defconfig
#include <linux/mtd/nand.h>
#include <linux/mtd/onenand.h>
#include <jffs2/load_kernel.h>
+#include <mtd_node.h>
+#include <fdt_support.h>
#include "igep00x0.h"
DECLARE_GLOBAL_DATA_PTR;
}
#endif
+#ifdef CONFIG_OF_BOARD_SETUP
+int ft_board_setup(void *blob, bd_t *bd)
+{
+#ifdef CONFIG_FDT_FIXUP_PARTITIONS
+ static struct node_info nodes[] = {
+ { "ti,omap2-nand", MTD_DEV_TYPE_NAND, },
+ { "ti,omap2-onenand", MTD_DEV_TYPE_ONENAND, },
+ };
+
+ fdt_fixup_mtdparts(blob, nodes, ARRAY_SIZE(nodes));
+#endif
+ return 0;
+}
+#endif
+
void set_fdt(void)
{
switch (gd->bd->bi_arch_number) {
if (sata_curr_device != -1)
sata_stop();
- return sata_initialize();
+ return (sata_initialize() < 0) ?
+ CMD_RET_FAILURE : CMD_RET_SUCCESS;
}
/* If the user has not yet run `sata init`, do it now */
if (sata_curr_device == -1) {
rc = sata_initialize();
if (rc == -1)
- return rc;
+ return CMD_RET_FAILURE;
sata_curr_device = rc;
}
in drivers/power, drivers/power/pmic and drivers/power/regulator
as part of an SPL build.
+config SPL_RAM_SUPPORT
+ bool "Support booting from RAM"
+ depends on SPL
+ default y if MICROBLAZE || ARCH_SOCFPGA || TEGRA || ARCH_ZYNQ
+ help
+ Enable booting of an image in RAM. The image can be preloaded or
+ it can be loaded by SPL directly into RAM (e.g. using USB).
+
+config SPL_RAM_DEVICE
+ bool "Support booting from preloaded image in RAM"
+ depends on SPL_RAM_SUPPORT
+ default y if MICROBLAZE || ARCH_SOCFPGA || TEGRA || ARCH_ZYNQ
+ help
+ Enable booting of an image already loaded in RAM. The image has to
+ be already in memory when SPL takes over, e.g. loaded by the boot
+ ROM.
+
config SPL_SATA_SUPPORT
bool "Support loading from SATA"
depends on SPL
config SPL_DFU_RAM
bool "RAM device"
- depends on SPL_DFU_SUPPORT
+ depends on SPL_DFU_SUPPORT && SPL_RAM_SUPPORT
help
select RAM/DDR memory device for loading binary images
(u-boot/kernel) to the selected device partition using
obj-$(CONFIG_SPL_SATA_SUPPORT) += spl_sata.o
obj-$(CONFIG_SPL_DFU_SUPPORT) += spl_dfu.o
obj-$(CONFIG_SPL_SPI_LOAD) += spl_spi.o
+obj-$(CONFIG_SPL_RAM_SUPPORT) += spl_ram.o
endif
(image_entry_noargs_t)spl_image->entry_point;
debug("image entry point: 0x%lX\n", spl_image->entry_point);
- image_entry();
-}
-
-#ifndef CONFIG_SPL_LOAD_FIT_ADDRESS
-# define CONFIG_SPL_LOAD_FIT_ADDRESS 0
-#endif
-
-#if defined(CONFIG_SPL_RAM_DEVICE) || defined(CONFIG_SPL_DFU_SUPPORT)
-static ulong spl_ram_load_read(struct spl_load_info *load, ulong sector,
- ulong count, void *buf)
-{
- debug("%s: sector %lx, count %lx, buf %lx\n",
- __func__, sector, count, (ulong)buf);
- memcpy(buf, (void *)(CONFIG_SPL_LOAD_FIT_ADDRESS + sector), count);
- return count;
-}
-
-static int spl_ram_load_image(struct spl_image_info *spl_image,
- struct spl_boot_device *bootdev)
-{
- struct image_header *header;
-
- header = (struct image_header *)CONFIG_SPL_LOAD_FIT_ADDRESS;
-
-#if defined(CONFIG_SPL_DFU_SUPPORT)
- if (bootdev->boot_device == BOOT_DEVICE_DFU)
- spl_dfu_cmd(0, "dfu_alt_info_ram", "ram", "0");
+#if defined(CONFIG_ARMV8_SPIN_TABLE) && defined(CONFIG_ARMV8_MULTIENTRY)
+ /*
+ * Release all slave cores from CPU_RELEASE_ADDR so they could
+ * arrive to the spin-table code in start.S of the u-boot
+ */
+ *(ulong *)CPU_RELEASE_ADDR = (ulong)spl_image->entry_point;
#endif
- if (IS_ENABLED(CONFIG_SPL_LOAD_FIT) &&
- image_get_magic(header) == FDT_MAGIC) {
- struct spl_load_info load;
-
- debug("Found FIT\n");
- load.bl_len = 1;
- load.read = spl_ram_load_read;
- spl_load_simple_fit(spl_image, &load, 0, header);
- } else {
- debug("Legacy image\n");
- /*
- * Get the header. It will point to an address defined by
- * handoff which will tell where the image located inside
- * the flash. For now, it will temporary fixed to address
- * pointed by U-Boot.
- */
- header = (struct image_header *)
- (CONFIG_SYS_TEXT_BASE - sizeof(struct image_header));
-
- spl_parse_image_header(spl_image, header);
- }
-
- return 0;
+ image_entry();
}
-#if defined(CONFIG_SPL_RAM_DEVICE)
-SPL_LOAD_IMAGE_METHOD("RAM", 0, BOOT_DEVICE_RAM, spl_ram_load_image);
-#endif
-#if defined(CONFIG_SPL_DFU_SUPPORT)
-SPL_LOAD_IMAGE_METHOD("USB DFU", 0, BOOT_DEVICE_DFU, spl_ram_load_image);
-#endif
-#endif
int spl_init(void)
{
--- /dev/null
+/*
+ * (C) Copyright 2016
+ * Xilinx, Inc.
+ *
+ * (C) Copyright 2016
+ * Toradex AG
+ *
+ * Michal Simek <michal.simek@xilinx.com>
+ * Stefan Agner <stefan.agner@toradex.com>
+ *
+ * SPDX-License-Identifier: GPL-2.0+
+ */
+#include <common.h>
+#include <spl.h>
+#include <libfdt.h>
+
+#ifndef CONFIG_SPL_LOAD_FIT_ADDRESS
+# define CONFIG_SPL_LOAD_FIT_ADDRESS 0
+#endif
+
+static ulong spl_ram_load_read(struct spl_load_info *load, ulong sector,
+ ulong count, void *buf)
+{
+ debug("%s: sector %lx, count %lx, buf %lx\n",
+ __func__, sector, count, (ulong)buf);
+ memcpy(buf, (void *)(CONFIG_SPL_LOAD_FIT_ADDRESS + sector), count);
+ return count;
+}
+
+static int spl_ram_load_image(struct spl_image_info *spl_image,
+ struct spl_boot_device *bootdev)
+{
+ struct image_header *header;
+
+ header = (struct image_header *)CONFIG_SPL_LOAD_FIT_ADDRESS;
+
+#if defined(CONFIG_SPL_DFU_SUPPORT)
+ if (bootdev->boot_device == BOOT_DEVICE_DFU)
+ spl_dfu_cmd(0, "dfu_alt_info_ram", "ram", "0");
+#endif
+
+ if (IS_ENABLED(CONFIG_SPL_LOAD_FIT) &&
+ image_get_magic(header) == FDT_MAGIC) {
+ struct spl_load_info load;
+
+ debug("Found FIT\n");
+ load.bl_len = 1;
+ load.read = spl_ram_load_read;
+ spl_load_simple_fit(spl_image, &load, 0, header);
+ } else {
+ debug("Legacy image\n");
+ /*
+ * Get the header. It will point to an address defined by
+ * handoff which will tell where the image located inside
+ * the flash. For now, it will temporary fixed to address
+ * pointed by U-Boot.
+ */
+ header = (struct image_header *)
+ (CONFIG_SYS_TEXT_BASE - sizeof(struct image_header));
+
+ spl_parse_image_header(spl_image, header);
+ }
+
+ return 0;
+}
+#if defined(CONFIG_SPL_RAM_DEVICE)
+SPL_LOAD_IMAGE_METHOD("RAM", 0, BOOT_DEVICE_RAM, spl_ram_load_image);
+#endif
+#if defined(CONFIG_SPL_DFU_SUPPORT)
+SPL_LOAD_IMAGE_METHOD("DFU", 0, BOOT_DEVICE_DFU, spl_ram_load_image);
+#endif
+
+
CONFIG_OMAP34XX=y
# CONFIG_SPL_EXT_SUPPORT is not set
CONFIG_TARGET_OMAP3_IGEP00X0=y
+CONFIG_OF_BOARD_SETUP=y
CONFIG_SYS_EXTRA_OPTIONS="MACH_TYPE=MACH_TYPE_IGEP0020"
CONFIG_BOOTDELAY=3
CONFIG_SYS_CONSOLE_IS_IN_ENV=y
CONFIG_MMC_OMAP_HS=y
CONFIG_SYS_NS16550=y
CONFIG_OF_LIBFDT=y
+CONFIG_FDT_FIXUP_PARTITIONS=y
# CONFIG_SPL_EXT_SUPPORT is not set
CONFIG_TARGET_OMAP3_IGEP00X0=y
CONFIG_DISTRO_DEFAULTS=y
+CONFIG_OF_BOARD_SETUP=y
CONFIG_SYS_EXTRA_OPTIONS="MACH_TYPE=MACH_TYPE_IGEP0030"
CONFIG_BOOTDELAY=3
CONFIG_SYS_CONSOLE_IS_IN_ENV=y
CONFIG_MMC_OMAP_HS=y
CONFIG_SYS_NS16550=y
CONFIG_OF_LIBFDT=y
+CONFIG_FDT_FIXUP_PARTITIONS=y
# CONFIG_SPL_EXT_SUPPORT is not set
CONFIG_TARGET_OMAP3_IGEP00X0=y
CONFIG_DISTRO_DEFAULTS=y
+CONFIG_OF_BOARD_SETUP=y
CONFIG_BOOTDELAY=3
CONFIG_SYS_CONSOLE_IS_IN_ENV=y
CONFIG_SYS_CONSOLE_INFO_QUIET=y
CONFIG_MMC_OMAP_HS=y
CONFIG_SYS_NS16550=y
CONFIG_OF_LIBFDT=y
+CONFIG_FDT_FIXUP_PARTITIONS=y
CONFIG_TARGET_OMAPL138_LCDK=y
CONFIG_SPL_LIBCOMMON_SUPPORT=y
CONFIG_SPL_LIBGENERIC_SUPPORT=y
+CONFIG_SPL_MMC_SUPPORT=y
CONFIG_SPL_NAND_SUPPORT=y
CONFIG_SPL_SERIAL_SUPPORT=y
CONFIG_BOOTDELAY=3
Test passed
+Hardware Signing with PKCS#11
+-----------------------------
+
+Securely managing private signing keys can challenging, especially when the
+keys are stored on the file system of a computer that is connected to the
+Internet. If an attacker is able to steal the key, they can sign malicious FIT
+images which will appear genuine to your devices.
+
+An alternative solution is to keep your signing key securely stored on hardware
+device like a smartcard, USB token or Hardware Security Module (HSM) and have
+them perform the signing. PKCS#11 is standard for interfacing with these crypto
+device.
+
+Requirements:
+Smartcard/USB token/HSM which can work with the pkcs11 engine
+openssl
+libp11 (provides pkcs11 engine)
+p11-kit (recommended to simplify setup)
+opensc (for smartcards and smartcard like USB devices)
+gnutls (recommended for key generation, p11tool)
+
+The following examples use the Nitrokey Pro. Instructions for other devices may vary.
+
+Notes on pkcs11 engine setup:
+
+Make sure p11-kit, opensc are installed and that p11-kit is setup to use opensc.
+/usr/share/p11-kit/modules/opensc.module should be present on your system.
+
+
+Generating Keys On the Nitrokey:
+
+$ gpg --card-edit
+
+Reader ...........: Nitrokey Nitrokey Pro (xxxxxxxx0000000000000000) 00 00
+Application ID ...: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+Version ..........: 2.1
+Manufacturer .....: ZeitControl
+Serial number ....: xxxxxxxx
+Name of cardholder: [not set]
+Language prefs ...: de
+Sex ..............: unspecified
+URL of public key : [not set]
+Login data .......: [not set]
+Signature PIN ....: forced
+Key attributes ...: rsa2048 rsa2048 rsa2048
+Max. PIN lengths .: 32 32 32
+PIN retry counter : 3 0 3
+Signature counter : 0
+Signature key ....: [none]
+Encryption key....: [none]
+Authentication key: [none]
+General key info..: [none]
+
+gpg/card> generate
+Make off-card backup of encryption key? (Y/n) n
+
+Please note that the factory settings of the PINs are
+ PIN = '123456' Admin PIN = '12345678'
+You should change them using the command --change-pin
+
+What keysize do you want for the Signature key? (2048) 4096
+The card will now be re-configured to generate a key of 4096 bits
+Note: There is no guarantee that the card supports the requested size.
+ If the key generation does not succeed, please check the
+ documentation of your card to see what sizes are allowed.
+What keysize do you want for the Encryption key? (2048) 4096
+The card will now be re-configured to generate a key of 4096 bits
+What keysize do you want for the Authentication key? (2048) 4096
+The card will now be re-configured to generate a key of 4096 bits
+Please specify how long the key should be valid.
+ 0 = key does not expire
+ <n> = key expires in n days
+ <n>w = key expires in n weeks
+ <n>m = key expires in n months
+ <n>y = key expires in n years
+Key is valid for? (0)
+Key does not expire at all
+Is this correct? (y/N) y
+
+GnuPG needs to construct a user ID to identify your key.
+
+Real name: John Doe
+Email address: john.doe@email.com
+Comment:
+You selected this USER-ID:
+ "John Doe <john.doe@email.com>"
+
+Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
+
+
+Using p11tool to get the token URL:
+
+Depending on system configuration, gpg-agent may need to be killed first.
+
+$ p11tool --provider /usr/lib/opensc-pkcs11.so --list-tokens
+Token 0:
+URL: pkcs11:model=PKCS%2315%20emulated;manufacturer=ZeitControl;serial=000xxxxxxxxx;token=OpenPGP%20card%20%28User%20PIN%20%28sig%29%29
+Label: OpenPGP card (User PIN (sig))
+Type: Hardware token
+Manufacturer: ZeitControl
+Model: PKCS#15 emulated
+Serial: 000xxxxxxxxx
+Module: (null)
+
+
+Token 1:
+URL: pkcs11:model=PKCS%2315%20emulated;manufacturer=ZeitControl;serial=000xxxxxxxxx;token=OpenPGP%20card%20%28User%20PIN%29
+Label: OpenPGP card (User PIN)
+Type: Hardware token
+Manufacturer: ZeitControl
+Model: PKCS#15 emulated
+Serial: 000xxxxxxxxx
+Module: (null)
+
+Use the portion of the signature token URL after "pkcs11:" as the keydir argument (-k) to mkimage below.
+
+
+Use the URL of the token to list the private keys:
+
+$ p11tool --login --provider /usr/lib/opensc-pkcs11.so --list-privkeys \
+"pkcs11:model=PKCS%2315%20emulated;manufacturer=ZeitControl;serial=000xxxxxxxxx;token=OpenPGP%20card%20%28User%20PIN%20%28sig%29%29"
+Token 'OpenPGP card (User PIN (sig))' with URL 'pkcs11:model=PKCS%2315%20emulated;manufacturer=ZeitControl;serial=000xxxxxxxxx;token=OpenPGP%20card%20%28User%20PIN%20%28sig%29%29' requires user PIN
+Enter PIN:
+Object 0:
+URL: pkcs11:model=PKCS%2315%20emulated;manufacturer=ZeitControl;serial=000xxxxxxxxx;token=OpenPGP%20card%20%28User%20PIN%20%28sig%29%29;id=%01;object=Signature%20key;type=private
+Type: Private key
+Label: Signature key
+Flags: CKA_PRIVATE; CKA_NEVER_EXTRACTABLE; CKA_SENSITIVE;
+ID: 01
+
+Use the label, in this case "Signature key" as the key-name-hint in your FIT.
+
+Create the fitImage:
+$ ./tools/mkimage -f fit-image.its fitImage
+
+
+Sign the fitImage with the hardware key:
+
+$ ./tools/mkimage -F -k \
+"model=PKCS%2315%20emulated;manufacturer=ZeitControl;serial=000xxxxxxxxx;token=OpenPGP%20card%20%28User%20PIN%20%28sig%29%29" \
+-K u-boot.dtb -N pkcs11 -r fitImage
+
+
Future Work
-----------
- Roll-back protection using a TPM is done using the tpm command. This can
struct nand_chip *chip = mtd_to_nand(mtd);
struct omap_nand_info *info = nand_get_controller_data(chip);
- count = decode_bch(info->control, NULL, 512, read_ecc, calc_ecc,
- NULL, errloc);
+ count = decode_bch(info->control, NULL, SECTOR_BYTES,
+ read_ecc, calc_ecc, NULL, errloc);
if (count > 0) {
/* correct errors */
for (i = 0; i < count; i++) {
/* correct data only, not ecc bytes */
- if (errloc[i] < 8*512)
- data[errloc[i]/8] ^= 1 << (errloc[i] & 7);
+ if (errloc[i] < SECTOR_BYTES << 3)
+ data[errloc[i] >> 3] ^= 1 << (errloc[i] & 7);
debug("corrected bitflip %u\n", errloc[i]);
#ifdef DEBUG
puts("read_ecc: ");
bool "Enable PCF2127 driver"
depends on DM_RTC
help
- Enable pcf2127 driver which provides rtc get and set function
+ The PCF2127 is a CMOS Real Time Clock (RTC) and calendar with an integrated
+ Temperature Compensated Crystal (Xtal) Oscillator (TCXO) and a 32.768 kHz quartz
+ crystal optimized for very high accuracy and very low power consumption. The PCF2127
+ has a selectable I2C-bus or SPI-bus, a backup battery switch-over circuit, a
+ programmable watchdog function, a timestamp function, and many other features.
endmenu
#include <i2c.h>
#include <rtc.h>
-#define PCF2127_REG_CTRL1 (0x00)
-#define PCF2127_REG_CTRL2 (0x01)
-#define PCF2127_REG_CTRL3 (0x02)
-#define PCF2127_REG_SC (0x03) /* datetime */
-#define PCF2127_REG_MN (0x04)
-#define PCF2127_REG_HR (0x05)
-#define PCF2127_REG_DM (0x06)
-#define PCF2127_REG_DW (0x07)
-#define PCF2127_REG_MO (0x08)
-#define PCF2127_REG_YR (0x09)
+#define PCF2127_REG_CTRL1 0x00
+#define PCF2127_REG_CTRL2 0x01
+#define PCF2127_REG_CTRL3 0x02
+#define PCF2127_REG_SC 0x03
+#define PCF2127_REG_MN 0x04
+#define PCF2127_REG_HR 0x05
+#define PCF2127_REG_DM 0x06
+#define PCF2127_REG_DW 0x07
+#define PCF2127_REG_MO 0x08
+#define PCF2127_REG_YR 0x09
static int pcf2127_rtc_set(struct udevice *dev, const struct rtc_time *tm)
{
uchar buf[8];
- int i = 0;
+ int i = 0, ret;
/* start register address */
buf[i++] = PCF2127_REG_SC;
buf[i++] = bin2bcd(tm->tm_year % 100);
/* write register's data */
- if (dm_i2c_write(dev, PCF2127_REG_CTRL1, buf, sizeof(buf)) < 0)
- return -1;
+ ret = dm_i2c_write(dev, PCF2127_REG_CTRL1, buf, sizeof(buf));
- return 0;
+ return ret;
}
static int pcf2127_rtc_get(struct udevice *dev, struct rtc_time *tm)
{
- int rel = 0;
+ int ret = 0;
uchar buf[10] = { PCF2127_REG_CTRL1 };
- if (dm_i2c_write(dev, PCF2127_REG_CTRL1, buf, 1) < 0)
- return -1;
- if (dm_i2c_read(dev, PCF2127_REG_CTRL1, buf, sizeof(buf)) < 0)
- return -1;
+ ret = dm_i2c_write(dev, PCF2127_REG_CTRL1, buf, 1);
+ if (ret < 0)
+ return ret;
+ ret = dm_i2c_read(dev, PCF2127_REG_CTRL1, buf, sizeof(buf));
+ if (ret < 0)
+ return ret;
if (buf[PCF2127_REG_CTRL3] & 0x04)
puts("### Warning: RTC Low Voltage - date/time not reliable\n");
tm->tm_year, tm->tm_mon, tm->tm_mday, tm->tm_wday,
tm->tm_hour, tm->tm_min, tm->tm_sec);
- return rel;
+ return ret;
}
static int pcf2127_rtc_reset(struct udevice *dev)
{
/*Doing nothing here*/
+
return 0;
}
#include <config.h>
#include <errno.h>
+#include <time.h>
#include <asm-offsets.h>
#include <linux/bitops.h>
+#include <linux/delay.h>
#include <linux/types.h>
#include <linux/string.h>
#include <linux/stringify.h>
#endif
#endif
-/*
- * Return the current value of a monotonically increasing microsecond timer.
- * Granularity may be larger than 1us if hardware does not support this.
- */
-ulong timer_get_us(void);
-
/* $(CPU)/cpu.c */
static inline int cpumask_next(int cpu, unsigned int mask)
{
void irq_install_handler(int, interrupt_handler_t *, void *);
void irq_free_handler (int);
void reset_timer (void);
-ulong get_timer (ulong base);
/* Return value of monotonic microsecond timer */
unsigned long timer_get_us(void);
void wait_ticks (unsigned long);
/* arch/$(ARCH)/lib/time.c */
-void __udelay (unsigned long);
ulong usec2ticks (unsigned long usec);
ulong ticks2usec (unsigned long ticks);
int init_timebase (void);
int(*compar)(const void *, const void *));
int strcmp_compar(const void *, const void *);
-/* lib/time.c */
-void udelay (unsigned long);
-void mdelay(unsigned long);
-
/* lib/uuid.c */
#include <uuid.h>
#define CONFIG_ENV_OFFSET 0x0
#define CONFIG_ENV_OFFSET_REDUND (CONFIG_ENV_OFFSET + CONFIG_ENV_SIZE)
#define CONFIG_SYS_REDUNDAND_ENVIRONMENT
+#define CONFIG_SYS_MMC_MAX_DEVICE 2
#elif defined(CONFIG_NOR_BOOT)
#define CONFIG_ENV_IS_IN_FLASH
#define CONFIG_ENV_SECT_SIZE (128 << 10) /* 128 KiB */
#define CONFIG_SPL_LDSCRIPT "arch/microblaze/cpu/u-boot-spl.lds"
-#define CONFIG_SPL_RAM_DEVICE
#ifdef CONFIG_SYS_FLASH_BASE
# define CONFIG_SYS_UBOOT_BASE CONFIG_SYS_FLASH_BASE
#endif
#define CONFIG_SETUP_MEMORY_TAGS
#define CONFIG_INITRD_TAG
#define CONFIG_REVISION_TAG
-#define CONFIG_CMDLINE_EDITING /* cmd line edit/history */
/* Hardware drivers */
"saveenv;"
#define CONFIG_EXTRA_ENV_SETTINGS \
- "loadaddr=0x81000000\0" \
- "uimage=uImage\0" \
- "zimage=zImage\0" \
+ DEFAULT_LINUX_BOOT_ENV \
"mtdids=" MTDIDS_DEFAULT "\0" \
"mtdparts=" MTDPARTS_DEFAULT "\0" \
"mmcdev=0\0" \
"${optargs};" \
"run addmtdparts; " \
"run vrfb_arg\0" \
- "loadbootscript=fatload mmc ${mmcdev} ${loadaddr} boot.scr\0" \
+ "loadbootscript=load mmc ${mmcdev} ${loadaddr} boot.scr\0" \
"bootscript=echo 'Running bootscript from mmc ...'; " \
"source ${loadaddr}\0" \
"loaduimage=mmc rescan; " \
- "fatload mmc ${mmcdev} ${loadaddr} ${uimage}\0" \
+ "load mmc ${mmcdev} ${loadaddr} uImage\0" \
"loadzimage=mmc rescan; " \
- "fatload mmc ${mmcdev} ${loadaddr} ${zimage}\0" \
+ "load mmc ${mmcdev} ${loadaddr} zImage\0" \
"ramdisksize=64000\0" \
- "ramdiskaddr=0x82000000\0" \
"ramdiskimage=rootfs.ext2.gz.uboot\0" \
"loadramdisk=mmc rescan; " \
- "fatload mmc ${mmcdev} ${ramdiskaddr} ${ramdiskimage}\0" \
+ "load mmc ${mmcdev} ${rdaddr} ${ramdiskimage}\0" \
"ramargs=run setconsole; setenv bootargs console=${console} " \
"root=/dev/ram rw ramdisk_size=${ramdisksize}\0" \
"mmcargs=run setconsole; setenv bootargs console=${console} " \
"ip=${ipaddr}:${tftpserver}:${gatewayip}:${netmask}::eth0:off\0" \
"nfsrootpath=/opt/nfs-exports/omap\0" \
"autoload=no\0" \
- "fdtaddr=0x86000000\0" \
- "loadfdtimage=mmc rescan; " \
- "fatload mmc ${mmcdev} ${fdtaddr} ${fdtimage}\0" \
+ "loadfdt=mmc rescan; " \
+ "load mmc ${mmcdev} ${fdtaddr} ${fdtimage}\0" \
"mmcbootz=echo Booting with DT from mmc${mmcdev} ...; " \
"run mmcargs; " \
"run common_bootargs; " \
"run dump_bootargs; " \
"run loadzimage; " \
- "run loadfdtimage; " \
+ "run loadfdt; " \
"bootz ${loadaddr} - ${fdtaddr}\0" \
"mmcramboot=echo 'Booting uImage kernel from mmc w/ramdisk...'; " \
"run ramargs; " \
"run dump_bootargs; " \
"run loaduimage; " \
"run loadramdisk; " \
- "bootm ${loadaddr} ${ramdiskaddr}\0" \
+ "bootm ${loadaddr} ${rdaddr}\0" \
"mmcrambootz=echo 'Booting zImage kernel from mmc w/ramdisk...'; " \
"run ramargs; " \
"run common_bootargs; " \
"run dump_bootargs; " \
"run loadzimage; " \
"run loadramdisk; " \
- "run loadfdtimage; " \
- "bootz ${loadaddr} ${ramdiskaddr} ${fdtaddr};\0" \
+ "run loadfdt; " \
+ "bootz ${loadaddr} ${rdaddr} ${fdtaddr};\0" \
"tftpboot=echo 'Booting kernel/ramdisk rootfs from tftp...'; " \
"run ramargs; " \
"run common_bootargs; " \
"run dump_bootargs; " \
"tftpboot ${loadaddr} ${zimage}; " \
- "tftpboot ${ramdiskaddr} ${ramdiskimage}; " \
- "bootm ${loadaddr} ${ramdiskaddr}\0" \
+ "tftpboot ${rdaddr} ${ramdiskimage}; " \
+ "bootm ${loadaddr} ${rdaddr}\0" \
"tftpbootz=echo 'Booting kernel NFS rootfs...'; " \
"dhcp;" \
"run nfsargs;" \
"run autoboot"
/* Miscellaneous configurable options */
-#define CONFIG_AUTO_COMPLETE
/* memtest works on */
#define CONFIG_SYS_MEMTEST_START (OMAP34XX_SDRC_CS0)
#define CONFIG_CMD_UBIFS
#endif
-#ifdef CONFIG_USE_SPIFLASH
-#endif
-
#if !defined(CONFIG_USE_NAND) && \
!defined(CONFIG_SYS_USE_NOR) && \
!defined(CONFIG_USE_SPIFLASH)
* 0xFFFF_FF00 ...... End of SRAM
*/
#define CONFIG_SPL_FRAMEWORK
-#define CONFIG_SPL_RAM_DEVICE
#define CONFIG_SPL_TEXT_BASE CONFIG_SYS_INIT_RAM_ADDR
#define CONFIG_SPL_MAX_SIZE (64 * 1024)
/* Defines for SPL */
#define CONFIG_SPL_FRAMEWORK
-#define CONFIG_SPL_RAM_DEVICE
#define CONFIG_SPL_BOARD_INIT
#define CONFIG_SPL_NAND_SIMPLE
#define CONFIG_SPL_MAX_FOOTPRINT (CONFIG_SYS_TEXT_BASE - \
"fit_bootfile=fitImage.itb\0" \
"update_to_fit=setenv loadaddr ${fit_loadaddr}; setenv bootfile ${fit_bootfile}\0" \
"args_fit=setenv bootargs console=${console} \0" \
- "loadfit=run args_fit; bootm ${loadaddr}:kernel@1 " \
- "${loadaddr}:ramdisk@1 ${loadaddr}:${fdtfile};\0" \
+ "loadfit=run args_fit; bootm ${loadaddr}#${fdtfile};\0" \
/*
* DDR information. If the CONFIG_NR_DRAM_BANKS is not defined,
#define CONFIG_SPL_FRAMEWORK
#define CONFIG_SPL_BOARD_INIT
-#define CONFIG_SPL_RAM_DEVICE
/* u-boot is like dtb */
#define CONFIG_SPL_FS_LOAD_ARGS_NAME "u-boot.bin"
#define CONFIG_CMD_SPL
#define CONFIG_SPL_FRAMEWORK
#define CONFIG_SPL_BOARD_INIT
-#define CONFIG_SPL_RAM_DEVICE
#define CONFIG_SPL_LDSCRIPT "arch/arm/mach-zynq/u-boot-spl.lds"
* @fit: Pointer to the FIT format image header
* @comment: Comment to add to signature nodes
* @require_keys: Mark all keys as 'required'
+ * @engine_id: Engine to use for signing
*
* Adds hash values for all component images in the FIT blob.
* Hashes are calculated for all component images which have hash subnodes
* libfdt error code, on failure
*/
int fit_add_verification_data(const char *keydir, void *keydest, void *fit,
- const char *comment, int require_keys);
+ const char *comment, int require_keys,
+ const char *engine_id);
int fit_image_verify(const void *fit, int noffset);
int fit_config_verify(const void *fit, int conf_noffset);
const void *fdt_blob; /* FDT containing public keys */
int required_keynode; /* Node offset of key to use: -1=any */
const char *require_keys; /* Value for 'required' property */
+ const char *engine_id; /* Engine to use for signing */
};
#endif /* Allow struct image_region to always be defined for rsa.h */
extern struct p_current *current;
-#define ndelay(x) udelay((x) < 1000 ? 1 : (x)/1000)
-
#define dev_dbg(dev, fmt, args...) \
debug(fmt, ##args)
#define dev_vdbg(dev, fmt, args...) \
--- /dev/null
+/*
+ * SPDX-License-Identifier: GPL-2.0+
+ */
+
+#ifndef _LINUX_DELAY_H
+#define _LINUX_DELAY_H
+
+#include <linux/kernel.h>
+
+void __udelay(unsigned long usec);
+void udelay(unsigned long usec);
+
+static inline void mdelay(unsigned long msec)
+{
+ while (msec--)
+ udelay(1000);
+}
+
+static inline void ndelay(unsigned long nsec)
+{
+ udelay(DIV_ROUND_UP(nsec, 1000));
+}
+
+#endif /* defined(_LINUX_DELAY_H) */
--- /dev/null
+/*
+ * Copyright (c) 2012-2014 The Linux Foundation. All rights reserved.
+ *
+ * SPDX-License-Identifier: GPL-2.0
+ */
+
+#ifndef _LINUX_IOPOLL_H
+#define _LINUX_IOPOLL_H
+
+#include <linux/errno.h>
+#include <linux/io.h>
+#include <time.h>
+
+/**
+ * readx_poll_timeout - Periodically poll an address until a condition is met or a timeout occurs
+ * @op: accessor function (takes @addr as its only argument)
+ * @addr: Address to poll
+ * @val: Variable to read the value into
+ * @cond: Break condition (usually involving @val)
+ * @timeout_us: Timeout in us, 0 means never timeout
+ *
+ * Returns 0 on success and -ETIMEDOUT upon a timeout. In either
+ * case, the last read value at @addr is stored in @val.
+ *
+ * When available, you'll probably want to use one of the specialized
+ * macros defined below rather than this macro directly.
+ */
+#define readx_poll_timeout(op, addr, val, cond, timeout_us) \
+({ \
+ unsigned long timeout = timer_get_us() + timeout_us; \
+ for (;;) { \
+ (val) = op(addr); \
+ if (cond) \
+ break; \
+ if (timeout_us && time_after(timer_get_us(), timeout)) { \
+ (val) = op(addr); \
+ break; \
+ } \
+ } \
+ (cond) ? 0 : -ETIMEDOUT; \
+})
+
+
+#define readb_poll_timeout(addr, val, cond, timeout_us) \
+ readx_poll_timeout(readb, addr, val, cond, timeout_us)
+
+#define readw_poll_timeout(addr, val, cond, timeout_us) \
+ readx_poll_timeout(readw, addr, val, cond, timeout_us)
+
+#define readl_poll_timeout(addr, val, cond, timeout_us) \
+ readx_poll_timeout(readl, addr, val, cond, timeout_us)
+
+#define readq_poll_timeout(addr, val, cond, timeout_us) \
+ readx_poll_timeout(readq, addr, val, cond, timeout_us)
+
+#define readb_relaxed_poll_timeout(addr, val, cond, timeout_us) \
+ readx_poll_timeout(readb_relaxed, addr, val, cond, timeout_us)
+
+#define readw_relaxed_poll_timeout(addr, val, cond, timeout_us) \
+ readx_poll_timeout(readw_relaxed, addr, val, cond, timeout_us)
+
+#define readl_relaxed_poll_timeout(addr, val, cond, timeout_us) \
+ readx_poll_timeout(readl_relaxed, addr, val, cond, timeout_us)
+
+#define readq_relaxed_poll_timeout(addr, val, cond, timeout_us) \
+ readx_poll_timeout(readq_relaxed, addr, val, cond, timeout_us)
+
+#endif /* _LINUX_IOPOLL_H */
--- /dev/null
+#ifndef TYPECHECK_H_INCLUDED
+#define TYPECHECK_H_INCLUDED
+
+/*
+ * Check at compile time that something is of a particular type.
+ * Always evaluates to 1 so you may use it easily in comparisons.
+ */
+#define typecheck(type,x) \
+({ type __dummy; \
+ typeof(x) __dummy2; \
+ (void)(&__dummy == &__dummy2); \
+ 1; \
+})
+
+/*
+ * Check at compile time that 'function' is a certain type, or is a pointer
+ * to that type (needs to use typedef for the function type.)
+ */
+#define typecheck_fn(type,function) \
+({ typeof(type) __tmp = function; \
+ (void)__tmp; \
+})
+
+#endif /* TYPECHECK_H_INCLUDED */
--- /dev/null
+/*
+ * SPDX-License-Identifier: GPL-2.0+
+ */
+
+#ifndef _TIME_H
+#define _TIME_H
+
+#include <linux/typecheck.h>
+
+unsigned long get_timer(unsigned long base);
+
+/*
+ * Return the current value of a monotonically increasing microsecond timer.
+ * Granularity may be larger than 1us if hardware does not support this.
+ */
+unsigned long timer_get_us(void);
+
+/*
+ * These inlines deal with timer wrapping correctly. You are
+ * strongly encouraged to use them
+ * 1. Because people otherwise forget
+ * 2. Because if the timer wrap changes in future you won't have to
+ * alter your driver code.
+ *
+ * time_after(a,b) returns true if the time a is after time b.
+ *
+ * Do this with "<0" and ">=0" to only test the sign of the result. A
+ * good compiler would generate better code (and a really good compiler
+ * wouldn't care). Gcc is currently neither.
+ */
+#define time_after(a,b) \
+ (typecheck(unsigned long, a) && \
+ typecheck(unsigned long, b) && \
+ ((long)((b) - (a)) < 0))
+#define time_before(a,b) time_after(b,a)
+
+#define time_after_eq(a,b) \
+ (typecheck(unsigned long, a) && \
+ typecheck(unsigned long, b) && \
+ ((long)((a) - (b)) >= 0))
+#define time_before_eq(a,b) time_after_eq(b,a)
+
+/*
+ * Calculate whether a is in the range of [b, c].
+ */
+#define time_in_range(a,b,c) \
+ (time_after_eq(a,b) && \
+ time_before_eq(a,c))
+
+/*
+ * Calculate whether a is in the range of [b, c).
+ */
+#define time_in_range_open(a,b,c) \
+ (time_after_eq(a,b) && \
+ time_before(a,c))
+
+#endif /* _TIME_H */
for (addr.s_addr = 0, i = 0; i < 4; ++i) {
ulong val = s ? simple_strtoul(s, &e, 10) : 0;
+ if (val > 255) {
+ addr.s_addr = 0;
+ return addr;
+ }
+ if (i != 3 && *e != '.') {
+ addr.s_addr = 0;
+ return addr;
+ }
addr.s_addr <<= 8;
addr.s_addr |= (val & 0xFF);
if (s) {
#include <openssl/err.h>
#include <openssl/ssl.h>
#include <openssl/evp.h>
+#include <openssl/engine.h>
#if OPENSSL_VERSION_NUMBER >= 0x10000000L
#define HAVE_ERR_REMOVE_THREAD_STATE
}
/**
- * rsa_get_pub_key() - read a public key from a .crt file
+ * rsa_pem_get_pub_key() - read a public key from a .crt file
*
* @keydir: Directory containins the key
* @name Name of key file (will have a .crt extension)
* @rsap Returns RSA object, or NULL on failure
* @return 0 if ok, -ve on error (in which case *rsap will be set to NULL)
*/
-static int rsa_get_pub_key(const char *keydir, const char *name, RSA **rsap)
+static int rsa_pem_get_pub_key(const char *keydir, const char *name, RSA **rsap)
{
char path[1024];
EVP_PKEY *key;
}
/**
- * rsa_get_priv_key() - read a private key from a .key file
+ * rsa_engine_get_pub_key() - read a public key from given engine
*
- * @keydir: Directory containins the key
+ * @keydir: Key prefix
+ * @name Name of key
+ * @engine Engine to use
+ * @rsap Returns RSA object, or NULL on failure
+ * @return 0 if ok, -ve on error (in which case *rsap will be set to NULL)
+ */
+static int rsa_engine_get_pub_key(const char *keydir, const char *name,
+ ENGINE *engine, RSA **rsap)
+{
+ const char *engine_id;
+ char key_id[1024];
+ EVP_PKEY *key;
+ RSA *rsa;
+ int ret;
+
+ *rsap = NULL;
+
+ engine_id = ENGINE_get_id(engine);
+
+ if (engine_id && !strcmp(engine_id, "pkcs11")) {
+ if (keydir)
+ snprintf(key_id, sizeof(key_id),
+ "pkcs11:%s;object=%s;type=public",
+ keydir, name);
+ else
+ snprintf(key_id, sizeof(key_id),
+ "pkcs11:object=%s;type=public",
+ name);
+ } else {
+ fprintf(stderr, "Engine not supported\n");
+ return -ENOTSUP;
+ }
+
+ key = ENGINE_load_public_key(engine, key_id, NULL, NULL);
+ if (!key)
+ return rsa_err("Failure loading public key from engine");
+
+ /* Convert to a RSA_style key. */
+ rsa = EVP_PKEY_get1_RSA(key);
+ if (!rsa) {
+ rsa_err("Couldn't convert to a RSA style key");
+ ret = -EINVAL;
+ goto err_rsa;
+ }
+
+ EVP_PKEY_free(key);
+ *rsap = rsa;
+
+ return 0;
+
+err_rsa:
+ EVP_PKEY_free(key);
+ return ret;
+}
+
+/**
+ * rsa_get_pub_key() - read a public key
+ *
+ * @keydir: Directory containing the key (PEM file) or key prefix (engine)
+ * @name Name of key file (will have a .crt extension)
+ * @engine Engine to use
+ * @rsap Returns RSA object, or NULL on failure
+ * @return 0 if ok, -ve on error (in which case *rsap will be set to NULL)
+ */
+static int rsa_get_pub_key(const char *keydir, const char *name,
+ ENGINE *engine, RSA **rsap)
+{
+ if (engine)
+ return rsa_engine_get_pub_key(keydir, name, engine, rsap);
+ return rsa_pem_get_pub_key(keydir, name, rsap);
+}
+
+/**
+ * rsa_pem_get_priv_key() - read a private key from a .key file
+ *
+ * @keydir: Directory containing the key
* @name Name of key file (will have a .key extension)
* @rsap Returns RSA object, or NULL on failure
* @return 0 if ok, -ve on error (in which case *rsap will be set to NULL)
*/
-static int rsa_get_priv_key(const char *keydir, const char *name, RSA **rsap)
+static int rsa_pem_get_priv_key(const char *keydir, const char *name,
+ RSA **rsap)
{
char path[1024];
RSA *rsa;
return 0;
}
+/**
+ * rsa_engine_get_priv_key() - read a private key from given engine
+ *
+ * @keydir: Key prefix
+ * @name Name of key
+ * @engine Engine to use
+ * @rsap Returns RSA object, or NULL on failure
+ * @return 0 if ok, -ve on error (in which case *rsap will be set to NULL)
+ */
+static int rsa_engine_get_priv_key(const char *keydir, const char *name,
+ ENGINE *engine, RSA **rsap)
+{
+ const char *engine_id;
+ char key_id[1024];
+ EVP_PKEY *key;
+ RSA *rsa;
+ int ret;
+
+ *rsap = NULL;
+
+ engine_id = ENGINE_get_id(engine);
+
+ if (engine_id && !strcmp(engine_id, "pkcs11")) {
+ if (keydir)
+ snprintf(key_id, sizeof(key_id),
+ "pkcs11:%s;object=%s;type=private",
+ keydir, name);
+ else
+ snprintf(key_id, sizeof(key_id),
+ "pkcs11:object=%s;type=private",
+ name);
+ } else {
+ fprintf(stderr, "Engine not supported\n");
+ return -ENOTSUP;
+ }
+
+ key = ENGINE_load_private_key(engine, key_id, NULL, NULL);
+ if (!key)
+ return rsa_err("Failure loading private key from engine");
+
+ /* Convert to a RSA_style key. */
+ rsa = EVP_PKEY_get1_RSA(key);
+ if (!rsa) {
+ rsa_err("Couldn't convert to a RSA style key");
+ ret = -EINVAL;
+ goto err_rsa;
+ }
+
+ EVP_PKEY_free(key);
+ *rsap = rsa;
+
+ return 0;
+
+err_rsa:
+ EVP_PKEY_free(key);
+ return ret;
+}
+
+/**
+ * rsa_get_priv_key() - read a private key
+ *
+ * @keydir: Directory containing the key (PEM file) or key prefix (engine)
+ * @name Name of key
+ * @engine Engine to use for signing
+ * @rsap Returns RSA object, or NULL on failure
+ * @return 0 if ok, -ve on error (in which case *rsap will be set to NULL)
+ */
+static int rsa_get_priv_key(const char *keydir, const char *name,
+ ENGINE *engine, RSA **rsap)
+{
+ if (engine)
+ return rsa_engine_get_priv_key(keydir, name, engine, rsap);
+ return rsa_pem_get_priv_key(keydir, name, rsap);
+}
+
static int rsa_init(void)
{
int ret;
return 0;
}
+static int rsa_engine_init(const char *engine_id, ENGINE **pe)
+{
+ ENGINE *e;
+ int ret;
+
+ ENGINE_load_builtin_engines();
+
+ e = ENGINE_by_id(engine_id);
+ if (!e) {
+ fprintf(stderr, "Engine isn't available\n");
+ ret = -1;
+ goto err_engine_by_id;
+ }
+
+ if (!ENGINE_init(e)) {
+ fprintf(stderr, "Couldn't initialize engine\n");
+ ret = -1;
+ goto err_engine_init;
+ }
+
+ if (!ENGINE_set_default_RSA(e)) {
+ fprintf(stderr, "Couldn't set engine as default for RSA\n");
+ ret = -1;
+ goto err_set_rsa;
+ }
+
+ *pe = e;
+
+ return 0;
+
+err_set_rsa:
+ ENGINE_finish(e);
+err_engine_init:
+ ENGINE_free(e);
+err_engine_by_id:
+ ENGINE_cleanup();
+ return ret;
+}
+
static void rsa_remove(void)
{
CRYPTO_cleanup_all_ex_data();
EVP_cleanup();
}
+static void rsa_engine_remove(ENGINE *e)
+{
+ if (e) {
+ ENGINE_finish(e);
+ ENGINE_free(e);
+ }
+}
+
static int rsa_sign_with_key(RSA *rsa, struct checksum_algo *checksum_algo,
const struct image_region region[], int region_count,
uint8_t **sigp, uint *sig_size)
uint8_t **sigp, uint *sig_len)
{
RSA *rsa;
+ ENGINE *e = NULL;
int ret;
ret = rsa_init();
if (ret)
return ret;
- ret = rsa_get_priv_key(info->keydir, info->keyname, &rsa);
+ if (info->engine_id) {
+ ret = rsa_engine_init(info->engine_id, &e);
+ if (ret)
+ goto err_engine;
+ }
+
+ ret = rsa_get_priv_key(info->keydir, info->keyname, e, &rsa);
if (ret)
goto err_priv;
ret = rsa_sign_with_key(rsa, info->checksum, region,
goto err_sign;
RSA_free(rsa);
+ if (info->engine_id)
+ rsa_engine_remove(e);
rsa_remove();
return ret;
err_sign:
RSA_free(rsa);
err_priv:
+ if (info->engine_id)
+ rsa_engine_remove(e);
+err_engine:
rsa_remove();
return ret;
}
int ret;
int bits;
RSA *rsa;
+ ENGINE *e = NULL;
debug("%s: Getting verification data\n", __func__);
- ret = rsa_get_pub_key(info->keydir, info->keyname, &rsa);
+ if (info->engine_id) {
+ ret = rsa_engine_init(info->engine_id, &e);
+ if (ret)
+ return ret;
+ }
+ ret = rsa_get_pub_key(info->keydir, info->keyname, e, &rsa);
if (ret)
- return ret;
+ goto err_get_pub_key;
ret = rsa_get_params(rsa, &exponent, &n0_inv, &modulus, &r_squared);
if (ret)
- return ret;
+ goto err_get_params;
bits = BN_num_bits(modulus);
parent = fdt_subnode_offset(keydest, 0, FIT_SIG_NODENAME);
if (parent == -FDT_ERR_NOTFOUND) {
BN_free(modulus);
BN_free(r_squared);
if (ret)
- return ret == -FDT_ERR_NOSPACE ? -ENOSPC : -EIO;
+ ret = ret == -FDT_ERR_NOSPACE ? -ENOSPC : -EIO;
+err_get_params:
+ RSA_free(rsa);
+err_get_pub_key:
+ if (info->engine_id)
+ rsa_engine_remove(e);
- return 0;
+ return ret;
}
usec -= kv;
} while(usec);
}
-
-void mdelay(unsigned long msec)
-{
- while (msec--)
- udelay(1000);
-}
# Bring in any U-Boot-specific include after the '/dts-v1/;' header
cmd_dtc = mkdir -p $(dir ${dtc-tmp}) ; \
cat $< $(if $(u_boot_dtsi),\
- | sed 's%^/ {$$%\#include \"$(u_boot_dtsi)\"\n&%') | \
+ | sed '/^\/ {$$/{x;s%$$%\#include \"$(u_boot_dtsi)\"%;G;}') | \
$(CPP) $(dtc_cpp_flags) -x assembler-with-cpp -o $(dtc-tmp) - ; \
$(DTC) -O dtb -o $@ -b 0 \
-i $(dir $<) $(DTC_FLAGS) \
$(obj)/%_efi.S: $(obj)/%.efi
$(call cmd,S_efi)
-$(obj)/%.efi: $(obj)/%.so
- $(OBJCOPY) -j .header -j .text -j .sdata -j .data -j .dynamic \
- -j .dynsym -j .rel* -j .rela* -j .reloc \
+quiet_cmd_efi_objcopy = OBJCOPY $@
+cmd_efi_objcopy = $(OBJCOPY) -j .header -j .text -j .sdata -j .data -j \
+ .dynamic -j .dynsym -j .rel* -j .rela* -j .reloc \
$(if $(EFI_TARGET),$(EFI_TARGET),-O binary) $^ $@
+$(obj)/%.efi: $(obj)/%.so
+ $(call cmd,efi_objcopy)
+
+quiet_cmd_efi_ld = LD $@
+cmd_efi_ld = $(LD) -nostdlib -znocombreloc -T $(EFI_LDS_PATH) -shared \
+ -Bsymbolic $^ -o $@
+
EFI_LDS_PATH = $(srctree)/arch/$(ARCH)/lib/$(EFI_LDS)
$(obj)/helloworld.so: $(EFI_LDS_PATH)
$(obj)/helloworld.so: $(obj)/helloworld.o arch/$(ARCH)/lib/$(EFI_CRT0) \
arch/$(ARCH)/lib/$(EFI_RELOC)
- $(LD) -nostdlib -znocombreloc -T $(EFI_LDS_PATH) -shared -Bsymbolic \
- $^ -o $@
+ $(call cmd,efi_ld)
# ACPI
# ---------------------------------------------------------------------------
if (!ret) {
ret = fit_add_verification_data(params->keydir, dest_blob, ptr,
params->comment,
- params->require_keys);
+ params->require_keys,
+ params->engine_id);
}
if (dest_blob) {
static int fit_image_setup_sig(struct image_sign_info *info,
const char *keydir, void *fit, const char *image_name,
- int noffset, const char *require_keys)
+ int noffset, const char *require_keys, const char *engine_id)
{
const char *node_name;
char *algo_name;
info->checksum = image_get_checksum_algo(algo_name);
info->crypto = image_get_crypto_algo(algo_name);
info->require_keys = require_keys;
+ info->engine_id = engine_id;
if (!info->checksum || !info->crypto) {
printf("Unsupported signature algorithm (%s) for '%s' signature node in '%s' image node\n",
algo_name, node_name, image_name);
* @size: size of data in bytes
* @comment: Comment to add to signature nodes
* @require_keys: Mark all keys as 'required'
+ * @engine_id: Engine to use for signing
* @return 0 if ok, -1 on error
*/
static int fit_image_process_sig(const char *keydir, void *keydest,
void *fit, const char *image_name,
int noffset, const void *data, size_t size,
- const char *comment, int require_keys)
+ const char *comment, int require_keys, const char *engine_id)
{
struct image_sign_info info;
struct image_region region;
int ret;
if (fit_image_setup_sig(&info, keydir, fit, image_name, noffset,
- require_keys ? "image" : NULL))
+ require_keys ? "image" : NULL, engine_id))
return -1;
node_name = fit_get_name(fit, noffset, NULL);
* @image_noffset: Requested component image node
* @comment: Comment to add to signature nodes
* @require_keys: Mark all keys as 'required'
+ * @engine_id: Engine to use for signing
* @return: 0 on success, <0 on failure
*/
int fit_image_add_verification_data(const char *keydir, void *keydest,
void *fit, int image_noffset, const char *comment,
- int require_keys)
+ int require_keys, const char *engine_id)
{
const char *image_name;
const void *data;
strlen(FIT_SIG_NODENAME))) {
ret = fit_image_process_sig(keydir, keydest,
fit, image_name, noffset, data, size,
- comment, require_keys);
+ comment, require_keys, engine_id);
}
if (ret)
return ret;
static int fit_config_process_sig(const char *keydir, void *keydest,
void *fit, const char *conf_name, int conf_noffset,
- int noffset, const char *comment, int require_keys)
+ int noffset, const char *comment, int require_keys,
+ const char *engine_id)
{
struct image_sign_info info;
const char *node_name;
return -1;
if (fit_image_setup_sig(&info, keydir, fit, conf_name, noffset,
- require_keys ? "conf" : NULL))
+ require_keys ? "conf" : NULL, engine_id))
return -1;
ret = info.crypto->sign(&info, region, region_count, &value,
static int fit_config_add_verification_data(const char *keydir, void *keydest,
void *fit, int conf_noffset, const char *comment,
- int require_keys)
+ int require_keys, const char *engine_id)
{
const char *conf_name;
int noffset;
strlen(FIT_SIG_NODENAME))) {
ret = fit_config_process_sig(keydir, keydest,
fit, conf_name, conf_noffset, noffset, comment,
- require_keys);
+ require_keys, engine_id);
}
if (ret)
return ret;
}
int fit_add_verification_data(const char *keydir, void *keydest, void *fit,
- const char *comment, int require_keys)
+ const char *comment, int require_keys,
+ const char *engine_id)
{
int images_noffset, confs_noffset;
int noffset;
* i.e. component image node.
*/
ret = fit_image_add_verification_data(keydir, keydest,
- fit, noffset, comment, require_keys);
+ fit, noffset, comment, require_keys, engine_id);
if (ret)
return ret;
}
noffset = fdt_next_subnode(fit, noffset)) {
ret = fit_config_add_verification_data(keydir, keydest,
fit, noffset, comment,
- require_keys);
+ require_keys,
+ engine_id);
if (ret)
return ret;
}
bool external_data; /* Store data outside the FIT */
bool quiet; /* Don't output text in normal operation */
unsigned int external_offset; /* Add padding to external data */
+ const char *engine_id; /* Engine to use for signing */
};
/*
" -i => input filename for ramdisk file\n");
#ifdef CONFIG_FIT_SIGNATURE
fprintf(stderr,
- "Signing / verified boot options: [-E] [-k keydir] [-K dtb] [ -c <comment>] [-p addr] [-r]\n"
+ "Signing / verified boot options: [-E] [-k keydir] [-K dtb] [ -c <comment>] [-p addr] [-r] [-N engine]\n"
" -E => place data outside of the FIT structure\n"
" -k => set directory containing private keys\n"
" -K => write public keys to this .dtb file\n"
" -c => add comment in signature node\n"
" -F => re-sign existing FIT image\n"
" -p => place external data at a static position\n"
- " -r => mark keys used as 'required' in dtb\n");
+ " -r => mark keys used as 'required' in dtb\n"
+ " -N => engine to use for signing (pkcs11)\n");
#else
fprintf(stderr,
"Signing / verified boot not supported (CONFIG_FIT_SIGNATURE undefined)\n");
int opt;
while ((opt = getopt(argc, argv,
- "a:A:b:c:C:d:D:e:Ef:Fk:i:K:ln:p:O:rR:qsT:vVx")) != -1) {
+ "a:A:b:c:C:d:D:e:Ef:Fk:i:K:ln:N:p:O:rR:qsT:vVx")) != -1) {
switch (opt) {
case 'a':
params.addr = strtoull(optarg, &ptr, 16);
case 'n':
params.imagename = optarg;
break;
+ case 'N':
+ params.engine_id = optarg;
+ break;
case 'O':
params.os = genimg_get_os_id(optarg);
if (params.os < 0) {
projects / people / ms / u-boot.git / commitdiff
