X-Patchwork-Submitter: Andreas Dannenberg
X-Patchwork-Id: 72909
From: Andreas Dannenberg
To: Tom Rini, Simon Glass, Lokesh Vutla
Cc: Madan Srinivas, Daniel Allred
Date: Wed, 27 Jul 2016 12:12:39 -0500
Message-ID: <1469639559-7339-1-git-send-email-dannenberg@ti.com>
Subject: [U-Boot] [PATCH] common: image: Add support for post-processing of images

This commit allows injecting a board/platform/device-specific
post-processing function into the FIT image data loading process, which can
include modifying the size and altering the starting source address of an
image data artifact. This might be desired to do things like strip headers
or footers attached to the images before they were packaged into the FIT,
or to perform operations such as decryption or authentication.

Introduce new configuration option CONFIG_FIT_IMAGE_POST_PROCESS to allow
controlling this feature. If enabled, a platform-specific post-process
function must be provided.

Signed-off-by: Andreas Dannenberg
---
While not limited to this use case this commit allows for example on TI
high-security (HS) device variants to extend the secure boot chain to
Kernel, DTB, and initramfs (and anything else really that can be bundled
into a FIT image) by injecting calls to a TI-specific ROM API to perform
authentication (and optionally decryption) of blobs.

At this stage of the boot process one is also free to use the
FIT/RSA/SHA-based verified boot scheme already built-into U-Boot to perform
authentication on TI HS devices, providing a choice between a completely
open solution or continuing to perform ROM-based calls (which would have
the added benefit of supporting decryption, amongst other reasons such as
faster performance due to inherent crypto accelerator usage).

This commit works in analogy to da74d1f "spl: fit: add support for
post-processing of images" which introduced the
CONFIG_SPL_FIT_IMAGE_POST_PROCESS option.

On a related note Andrew (on copy) will be taking over the work on this
patch to address any feedback there might be since my last day at TI will
be 07/29. I will still be monitoring the mailing list but might not be able
to respond in the current capacity.

Thanks and Regards,
Andreas

 Kconfig            | 14 ++++++++++++++
 common/image-fit.c | 26 +++++++++++++++++++++++++-
 2 files changed, 39 insertions(+), 1 deletion(-)

--
2.7.2

diff --git a/Kconfig b/Kconfig index ef12f9f..c5489dc 100644 --- a/Kconfig +++ b/Kconfig 
@@ -336,6 +336,20 @@ config SPL_FIT_IMAGE_POST_PROCESS injected into the FIT creation (i.e. the blobs would have been pre- processed before being added to the FIT image). +config FIT_IMAGE_POST_PROCESS + bool "Enable post-processing of FIT artifacts after loading by U-Boot" + depends on FIT && TI_SECURE_DEVICE + help + Allows doing any sort of manipulation to blobs after they got extracted + from FIT images like stripping off headers or modifying the size of the + blob, verification, authentication, decryption etc. in a platform or + board specific way. In order to use this feature a platform or board- + specific implementation of board_fit_image_post_process() must be + provided. Also, anything done during this post-processing step would + need to be comprehended in how the images were prepared before being + injected into the FIT creation (i.e. the blobs would have been pre- + processed before being added to the FIT image). + config SYS_CLK_FREQ depends on ARC || ARCH_SUNXI int "CPU clock frequency" diff --git a/common/image-fit.c b/common/image-fit.c index 73ad34e..d8d4e95 100644 --- a/common/image-fit.c +++ b/common/image-fit.c @@ -11,9 +11,9 @@ #ifdef USE_HOSTCC #include "mkimage.h" -#include #include #else +#include #include #include #include @@ -21,6 +21,7 @@ DECLARE_GLOBAL_DATA_PTR; #endif /* !USE_HOSTCC*/ +#include #include #include #include @@ -1507,6 +1508,12 @@ void fit_conf_print(const void *fit, int noffset, const char *p) static int fit_image_select(const void *fit, int rd_noffset, int verify) { +#if !defined(USE_HOSTCC) && defined(CONFIG_FIT_IMAGE_POST_PROCESS) + const void *data; + size_t size; + int ret; +#endif + fit_image_print(fit, rd_noffset, " "); if (verify) { 
@@ -1518,6 +1525,23 @@ static int fit_image_select(const void *fit, int rd_noffset, int verify) puts("OK\n"); } +#if !defined(USE_HOSTCC) && defined(CONFIG_FIT_IMAGE_POST_PROCESS) + ret = fit_image_get_data(fit, rd_noffset, &data, &size); + if (ret) + return ret; + + /* perform any post-processing on the image data */ + board_fit_image_post_process((void **)&data, &size); + + /* + * update U-Boot's understanding of the "data" property start address + * and size according to the performed post-processing + */ + ret = fdt_setprop((void *)fit, rd_noffset, FIT_DATA_PROP, data, size); + if (ret) + return ret; +#endif + return 0; }
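
Review bot: In the Kconfig hunk, "depends on FIT && TI_SECURE_DEVICE" restricts the new option to one vendor, while the help text and the commit message describe a generic platform or board hook. Either drop the TI_SECURE_DEVICE dependency and let boards that implement board_fit_image_post_process() select the option, or state in the help text that it is TI-only for now. The diffstat shows only Kconfig and common/image-fit.c changing, so no default implementation is added here; the help text should say that enabling the option without providing the function will not link.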
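
Review bot: In the last hunk of common/image-fit.c, "board_fit_image_post_process((void **)&data, &size);" is called as a plain statement with no result checked, so a failed authentication or decryption cannot reach the caller and fit_image_select() goes on to return 0 unless fdt_setprop() happens to fail. Have the hook return an int and propagate it the same way the fit_image_get_data() result is propagated, or document that implementations must halt on failure. The block also runs after the "if (verify)" hash check, so that hash covers the blob as packaged rather than the post-processed data. The following "fdt_setprop((void *)fit, rd_noffset, FIT_DATA_PROP, data, size)" casts away the const on fit and rewrites the data property in place, so a second fit_image_select() pass over the same FIT would hand already-processed data to the hook again. A guard against re-processing, or a comment stating that the hook must tolerate it, would close that gap.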