From patchwork Mon Jun 27 14:19:21 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andreas Dannenberg X-Patchwork-Id: 70922 Delivered-To: patch@linaro.org Received: by 10.140.28.4 with SMTP id 4csp1097079qgy; Mon, 27 Jun 2016 07:20:23 -0700 (PDT) X-Received: by 10.28.195.135 with SMTP id t129mr11073121wmf.78.1467037223529; Mon, 27 Jun 2016 07:20:23 -0700 (PDT) Return-Path: Received: from theia.denx.de (theia.denx.de. [85.214.87.163]) by mx.google.com with ESMTP id l9si10463627wjd.75.2016.06.27.07.20.23; Mon, 27 Jun 2016 07:20:23 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of u-boot-bounces@lists.denx.de designates 85.214.87.163 as permitted sender) client-ip=85.214.87.163; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of u-boot-bounces@lists.denx.de designates 85.214.87.163 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de Received: from localhost (localhost [127.0.0.1]) by theia.denx.de (Postfix) with ESMTP id C0465A7681; Mon, 27 Jun 2016 16:20:05 +0200 (CEST) Received: from theia.denx.de ([127.0.0.1]) by localhost (theia.denx.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xdaFj2sJEI8j; Mon, 27 Jun 2016 16:20:05 +0200 (CEST) Received: from theia.denx.de (localhost [127.0.0.1]) by theia.denx.de (Postfix) with ESMTP id E5FB2A7695; Mon, 27 Jun 2016 16:19:45 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by theia.denx.de (Postfix) with ESMTP id D9C99A75D5 for ; Mon, 27 Jun 2016 16:19:33 +0200 (CEST) Received: from theia.denx.de ([127.0.0.1]) by localhost (theia.denx.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8r19mHTLOT9C for ; Mon, 27 Jun 2016 16:19:33 +0200 (CEST) X-policyd-weight: NOT_IN_SBL_XBL_SPAMHAUS=-1.5 NOT_IN_SPAMCOP=-1.5 NOT_IN_BL_NJABL=-1.5 (only DNSBL check requested) Received: from bear.ext.ti.com (bear.ext.ti.com [198.47.19.11]) by theia.denx.de (Postfix) with ESMTPS id 2E679A7548 for ; Mon, 27 Jun 2016 16:19:29 +0200 (CEST) Received: from dflxv15.itg.ti.com ([128.247.5.124]) by bear.ext.ti.com (8.13.7/8.13.7) with ESMTP id u5REJRHJ015697; Mon, 27 Jun 2016 09:19:27 -0500 Received: from DFLE72.ent.ti.com (dfle72.ent.ti.com [128.247.5.109]) by dflxv15.itg.ti.com (8.14.3/8.13.8) with ESMTP id u5REJQWC012088; Mon, 27 Jun 2016 09:19:27 -0500 Received: from dlep33.itg.ti.com (157.170.170.75) by DFLE72.ent.ti.com (128.247.5.109) with Microsoft SMTP Server id 14.3.294.0; Mon, 27 Jun 2016 09:19:26 -0500 Received: from borg.dal.design.ti.com (ileax41-snat.itg.ti.com [10.172.224.153]) by dlep33.itg.ti.com (8.14.3/8.13.8) with ESMTP id u5REJQg9032396; Mon, 27 Jun 2016 09:19:26 -0500 From: Andreas Dannenberg To: , Tom Rini , Simon Glass , Masahiro Yamada Date: Mon, 27 Jun 2016 09:19:21 -0500 Message-ID: <1467037164-28093-7-git-send-email-dannenberg@ti.com> X-Mailer: git-send-email 2.7.2 In-Reply-To: <1467037164-28093-1-git-send-email-dannenberg@ti.com> References: <1467037164-28093-1-git-send-email-dannenberg@ti.com> MIME-Version: 1.0 Cc: Madan Srinivas , Daniel Allred Subject: [U-Boot] [PATCH v3 6/9] spl: fit: add support for post-processing of images X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.15 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" From: Daniel Allred The next stage boot loader image and the selected FDT can be post- processed by board/platform/device-specific code, which can include modifying the size and altering the starting source address before copying these binary blobs to their final destination. This might be desired to do things like strip headers or footers attached to the images before they were packaged into the FIT, or to perform operations such as decryption or authentication. Introduce new configuration option CONFIG_SPL_FIT_IMAGE_POST_PROCESS to allow controlling this feature. If enabled, a platform-specific post-process function must be provided. Signed-off-by: Daniel Allred Signed-off-by: Andreas Dannenberg Reviewed-by: Tom Rini --- Kconfig | 14 ++++++++++++++ common/spl/spl_fit.c | 21 ++++++++++++++++----- include/image.h | 17 +++++++++++++++++ 3 files changed, 47 insertions(+), 5 deletions(-) -- 2.6.4 _______________________________________________ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot diff --git a/Kconfig b/Kconfig index 3ceff25..2afbaaf 100644 --- a/Kconfig +++ b/Kconfig @@ -313,6 +313,20 @@ config SPL_LOAD_FIT particular it can handle selecting from multiple device tree and passing the correct one to U-Boot. +config SPL_FIT_IMAGE_POST_PROCESS + bool "Enable post-processing of FIT artifacts after loading by the SPL" + depends on SPL_LOAD_FIT && TI_SECURE_DEVICE + help + Allows doing any sort of manipulation to blobs after they got extracted + from the U-Boot FIT image like stripping off headers or modifying the + size of the blob, verification, authentication, decryption etc. in a + platform or board specific way. In order to use this feature a platform + or board-specific implementation of board_fit_image_post_process() must + be provided. Also, anything done during this post-processing step would + need to be comprehended in how the images were prepared before being + injected into the FIT creation (i.e. the blobs would have been pre- + processed before being added to the FIT image). + config SYS_CLK_FREQ depends on ARC || ARCH_SUNXI int "CPU clock frequency" diff --git a/common/spl/spl_fit.c b/common/spl/spl_fit.c index 9874708..069e94d 100644 --- a/common/spl/spl_fit.c +++ b/common/spl/spl_fit.c @@ -132,7 +132,7 @@ int spl_load_simple_fit(struct spl_load_info *info, ulong sector, void *fit) int data_offset, data_size; int base_offset, align_len = ARCH_DMA_MINALIGN - 1; int src_sector; - void *dst; + void *dst, *src; /* * Figure out where the external images start. This is the base for the @@ -206,8 +206,13 @@ int spl_load_simple_fit(struct spl_load_info *info, ulong sector, void *fit) return -EIO; debug("image: dst=%p, data_offset=%x, size=%x\n", dst, data_offset, data_size); - memcpy(dst, dst + get_aligned_image_overhead(info, data_offset), - data_size); + src = dst + get_aligned_image_overhead(info, data_offset); + +#ifdef CONFIG_SPL_FIT_IMAGE_POST_PROCESS + board_fit_image_post_process((void **)&src, (size_t *)&data_size); +#endif + + memcpy(dst, src, data_size); /* Figure out which device tree the board wants to use */ fdt_len = spl_fit_select_fdt(fit, images, &fdt_offset); @@ -236,8 +241,14 @@ int spl_load_simple_fit(struct spl_load_info *info, ulong sector, void *fit) */ debug("fdt: dst=%p, data_offset=%x, size=%x\n", dst, fdt_offset, fdt_len); - memcpy(load_ptr + data_size, - dst + get_aligned_image_overhead(info, fdt_offset), fdt_len); + src = dst + get_aligned_image_overhead(info, fdt_offset); + dst = load_ptr + data_size; + +#ifdef CONFIG_SPL_FIT_IMAGE_POST_PROCESS + board_fit_image_post_process((void **)&src, (size_t *)&fdt_len); +#endif + + memcpy(dst, src, fdt_len); return 0; } diff --git a/include/image.h b/include/image.h index d788c26..93d39e1 100644 --- a/include/image.h +++ b/include/image.h @@ -1173,4 +1173,21 @@ void android_print_contents(const struct andr_img_hdr *hdr); */ int board_fit_config_name_match(const char *name); +#ifdef CONFIG_SPL_FIT_IMAGE_POST_PROCESS +/** + * board_fit_image_post_process() - Do any post-process on FIT binary data + * + * This is used to do any sort of image manipulation, verification, decryption + * etc. in a platform or board specific way. Obviously, anything done here would + * need to be comprehended in how the images were prepared before being injected + * into the FIT creation (i.e. the binary blobs would have been pre-processed + * before being added to the FIT image). + * + * @image: pointer to the image start pointer + * @size: pointer to the image size + * @return no return value (failure should be handled internally) + */ +void board_fit_image_post_process(void **p_image, size_t *p_size); +#endif /* CONFIG_SPL_FIT_IMAGE_POST_PROCESS */ + #endif /* __IMAGE_H__ */