uboot/tools/kwbimage.c
<<
>>
Prefs
   1// SPDX-License-Identifier: GPL-2.0+
   2/*
   3 * Image manipulator for Marvell SoCs
   4 *  supports Kirkwood, Dove, Armada 370, Armada XP, and Armada 38x
   5 *
   6 * (C) Copyright 2013 Thomas Petazzoni
   7 * <thomas.petazzoni@free-electrons.com>
   8 *
   9 * Not implemented: support for the register headers in v1 images
  10 */
  11
  12#include "imagetool.h"
  13#include <limits.h>
  14#include <image.h>
  15#include <stdarg.h>
  16#include <stdint.h>
  17#include "kwbimage.h"
  18
  19#ifdef CONFIG_KWB_SECURE
  20#include <openssl/bn.h>
  21#include <openssl/rsa.h>
  22#include <openssl/pem.h>
  23#include <openssl/err.h>
  24#include <openssl/evp.h>
  25
  26#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
  27    (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
  28static void RSA_get0_key(const RSA *r,
  29                 const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
  30{
  31   if (n != NULL)
  32       *n = r->n;
  33   if (e != NULL)
  34       *e = r->e;
  35   if (d != NULL)
  36       *d = r->d;
  37}
  38
  39#elif !defined(LIBRESSL_VERSION_NUMBER)
  40void EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
  41{
  42        EVP_MD_CTX_reset(ctx);
  43}
  44#endif
  45#endif
  46
  47static struct image_cfg_element *image_cfg;
  48static int cfgn;
  49#ifdef CONFIG_KWB_SECURE
  50static int verbose_mode;
  51#endif
  52
  53struct boot_mode {
  54        unsigned int id;
  55        const char *name;
  56};
  57
  58/*
  59 * SHA2-256 hash
  60 */
  61struct hash_v1 {
  62        uint8_t hash[32];
  63};
  64
  65struct boot_mode boot_modes[] = {
  66        { 0x4D, "i2c"  },
  67        { 0x5A, "spi"  },
  68        { 0x8B, "nand" },
  69        { 0x78, "sata" },
  70        { 0x9C, "pex"  },
  71        { 0x69, "uart" },
  72        { 0xAE, "sdio" },
  73        {},
  74};
  75
  76struct nand_ecc_mode {
  77        unsigned int id;
  78        const char *name;
  79};
  80
  81struct nand_ecc_mode nand_ecc_modes[] = {
  82        { 0x00, "default" },
  83        { 0x01, "hamming" },
  84        { 0x02, "rs" },
  85        { 0x03, "disabled" },
  86        {},
  87};
  88
  89/* Used to identify an undefined execution or destination address */
  90#define ADDR_INVALID ((uint32_t)-1)
  91
  92#define BINARY_MAX_ARGS 8
  93
  94/* In-memory representation of a line of the configuration file */
  95
  96enum image_cfg_type {
  97        IMAGE_CFG_VERSION = 0x1,
  98        IMAGE_CFG_BOOT_FROM,
  99        IMAGE_CFG_DEST_ADDR,
 100        IMAGE_CFG_EXEC_ADDR,
 101        IMAGE_CFG_NAND_BLKSZ,
 102        IMAGE_CFG_NAND_BADBLK_LOCATION,
 103        IMAGE_CFG_NAND_ECC_MODE,
 104        IMAGE_CFG_NAND_PAGESZ,
 105        IMAGE_CFG_BINARY,
 106        IMAGE_CFG_PAYLOAD,
 107        IMAGE_CFG_DATA,
 108        IMAGE_CFG_BAUDRATE,
 109        IMAGE_CFG_DEBUG,
 110        IMAGE_CFG_KAK,
 111        IMAGE_CFG_CSK,
 112        IMAGE_CFG_CSK_INDEX,
 113        IMAGE_CFG_JTAG_DELAY,
 114        IMAGE_CFG_BOX_ID,
 115        IMAGE_CFG_FLASH_ID,
 116        IMAGE_CFG_SEC_COMMON_IMG,
 117        IMAGE_CFG_SEC_SPECIALIZED_IMG,
 118        IMAGE_CFG_SEC_BOOT_DEV,
 119        IMAGE_CFG_SEC_FUSE_DUMP,
 120
 121        IMAGE_CFG_COUNT
 122} type;
 123
 124static const char * const id_strs[] = {
 125        [IMAGE_CFG_VERSION] = "VERSION",
 126        [IMAGE_CFG_BOOT_FROM] = "BOOT_FROM",
 127        [IMAGE_CFG_DEST_ADDR] = "DEST_ADDR",
 128        [IMAGE_CFG_EXEC_ADDR] = "EXEC_ADDR",
 129        [IMAGE_CFG_NAND_BLKSZ] = "NAND_BLKSZ",
 130        [IMAGE_CFG_NAND_BADBLK_LOCATION] = "NAND_BADBLK_LOCATION",
 131        [IMAGE_CFG_NAND_ECC_MODE] = "NAND_ECC_MODE",
 132        [IMAGE_CFG_NAND_PAGESZ] = "NAND_PAGE_SIZE",
 133        [IMAGE_CFG_BINARY] = "BINARY",
 134        [IMAGE_CFG_PAYLOAD] = "PAYLOAD",
 135        [IMAGE_CFG_DATA] = "DATA",
 136        [IMAGE_CFG_BAUDRATE] = "BAUDRATE",
 137        [IMAGE_CFG_DEBUG] = "DEBUG",
 138        [IMAGE_CFG_KAK] = "KAK",
 139        [IMAGE_CFG_CSK] = "CSK",
 140        [IMAGE_CFG_CSK_INDEX] = "CSK_INDEX",
 141        [IMAGE_CFG_JTAG_DELAY] = "JTAG_DELAY",
 142        [IMAGE_CFG_BOX_ID] = "BOX_ID",
 143        [IMAGE_CFG_FLASH_ID] = "FLASH_ID",
 144        [IMAGE_CFG_SEC_COMMON_IMG] = "SEC_COMMON_IMG",
 145        [IMAGE_CFG_SEC_SPECIALIZED_IMG] = "SEC_SPECIALIZED_IMG",
 146        [IMAGE_CFG_SEC_BOOT_DEV] = "SEC_BOOT_DEV",
 147        [IMAGE_CFG_SEC_FUSE_DUMP] = "SEC_FUSE_DUMP"
 148};
 149
 150struct image_cfg_element {
 151        enum image_cfg_type type;
 152        union {
 153                unsigned int version;
 154                unsigned int bootfrom;
 155                struct {
 156                        const char *file;
 157                        unsigned int args[BINARY_MAX_ARGS];
 158                        unsigned int nargs;
 159                } binary;
 160                const char *payload;
 161                unsigned int dstaddr;
 162                unsigned int execaddr;
 163                unsigned int nandblksz;
 164                unsigned int nandbadblklocation;
 165                unsigned int nandeccmode;
 166                unsigned int nandpagesz;
 167                struct ext_hdr_v0_reg regdata;
 168                unsigned int baudrate;
 169                unsigned int debug;
 170                const char *key_name;
 171                int csk_idx;
 172                uint8_t jtag_delay;
 173                uint32_t boxid;
 174                uint32_t flashid;
 175                bool sec_specialized_img;
 176                unsigned int sec_boot_dev;
 177                const char *name;
 178        };
 179};
 180
 181#define IMAGE_CFG_ELEMENT_MAX 256
 182
 183/*
 184 * Utility functions to manipulate boot mode and ecc modes (convert
 185 * them back and forth between description strings and the
 186 * corresponding numerical identifiers).
 187 */
 188
 189static const char *image_boot_mode_name(unsigned int id)
 190{
 191        int i;
 192
 193        for (i = 0; boot_modes[i].name; i++)
 194                if (boot_modes[i].id == id)
 195                        return boot_modes[i].name;
 196        return NULL;
 197}
 198
 199int image_boot_mode_id(const char *boot_mode_name)
 200{
 201        int i;
 202
 203        for (i = 0; boot_modes[i].name; i++)
 204                if (!strcmp(boot_modes[i].name, boot_mode_name))
 205                        return boot_modes[i].id;
 206
 207        return -1;
 208}
 209
 210int image_nand_ecc_mode_id(const char *nand_ecc_mode_name)
 211{
 212        int i;
 213
 214        for (i = 0; nand_ecc_modes[i].name; i++)
 215                if (!strcmp(nand_ecc_modes[i].name, nand_ecc_mode_name))
 216                        return nand_ecc_modes[i].id;
 217        return -1;
 218}
 219
 220static struct image_cfg_element *
 221image_find_option(unsigned int optiontype)
 222{
 223        int i;
 224
 225        for (i = 0; i < cfgn; i++) {
 226                if (image_cfg[i].type == optiontype)
 227                        return &image_cfg[i];
 228        }
 229
 230        return NULL;
 231}
 232
 233static unsigned int
 234image_count_options(unsigned int optiontype)
 235{
 236        int i;
 237        unsigned int count = 0;
 238
 239        for (i = 0; i < cfgn; i++)
 240                if (image_cfg[i].type == optiontype)
 241                        count++;
 242
 243        return count;
 244}
 245
 246#if defined(CONFIG_KWB_SECURE)
 247
 248static int image_get_csk_index(void)
 249{
 250        struct image_cfg_element *e;
 251
 252        e = image_find_option(IMAGE_CFG_CSK_INDEX);
 253        if (!e)
 254                return -1;
 255
 256        return e->csk_idx;
 257}
 258
 259static bool image_get_spezialized_img(void)
 260{
 261        struct image_cfg_element *e;
 262
 263        e = image_find_option(IMAGE_CFG_SEC_SPECIALIZED_IMG);
 264        if (!e)
 265                return false;
 266
 267        return e->sec_specialized_img;
 268}
 269
 270#endif
 271
 272/*
 273 * Compute a 8-bit checksum of a memory area. This algorithm follows
 274 * the requirements of the Marvell SoC BootROM specifications.
 275 */
 276static uint8_t image_checksum8(void *start, uint32_t len)
 277{
 278        uint8_t csum = 0;
 279        uint8_t *p = start;
 280
 281        /* check len and return zero checksum if invalid */
 282        if (!len)
 283                return 0;
 284
 285        do {
 286                csum += *p;
 287                p++;
 288        } while (--len);
 289
 290        return csum;
 291}
 292
 293size_t kwbimage_header_size(unsigned char *ptr)
 294{
 295        if (image_version((void *)ptr) == 0)
 296                return sizeof(struct main_hdr_v0);
 297        else
 298                return KWBHEADER_V1_SIZE((struct main_hdr_v1 *)ptr);
 299}
 300
 301/*
 302 * Verify checksum over a complete header that includes the checksum field.
 303 * Return 1 when OK, otherwise 0.
 304 */
 305static int main_hdr_checksum_ok(void *hdr)
 306{
 307        /* Offsets of checksum in v0 and v1 headers are the same */
 308        struct main_hdr_v0 *main_hdr = (struct main_hdr_v0 *)hdr;
 309        uint8_t checksum;
 310
 311        checksum = image_checksum8(hdr, kwbimage_header_size(hdr));
 312        /* Calculated checksum includes the header checksum field. Compensate
 313         * for that.
 314         */
 315        checksum -= main_hdr->checksum;
 316
 317        return checksum == main_hdr->checksum;
 318}
 319
 320static uint32_t image_checksum32(void *start, uint32_t len)
 321{
 322        uint32_t csum = 0;
 323        uint32_t *p = start;
 324
 325        /* check len and return zero checksum if invalid */
 326        if (!len)
 327                return 0;
 328
 329        if (len % sizeof(uint32_t)) {
 330                fprintf(stderr, "Length %d is not in multiple of %zu\n",
 331                        len, sizeof(uint32_t));
 332                return 0;
 333        }
 334
 335        do {
 336                csum += *p;
 337                p++;
 338                len -= sizeof(uint32_t);
 339        } while (len > 0);
 340
 341        return csum;
 342}
 343
 344static uint8_t baudrate_to_option(unsigned int baudrate)
 345{
 346        switch (baudrate) {
 347        case 2400:
 348                return MAIN_HDR_V1_OPT_BAUD_2400;
 349        case 4800:
 350                return MAIN_HDR_V1_OPT_BAUD_4800;
 351        case 9600:
 352                return MAIN_HDR_V1_OPT_BAUD_9600;
 353        case 19200:
 354                return MAIN_HDR_V1_OPT_BAUD_19200;
 355        case 38400:
 356                return MAIN_HDR_V1_OPT_BAUD_38400;
 357        case 57600:
 358                return MAIN_HDR_V1_OPT_BAUD_57600;
 359        case 115200:
 360                return MAIN_HDR_V1_OPT_BAUD_115200;
 361        default:
 362                return MAIN_HDR_V1_OPT_BAUD_DEFAULT;
 363        }
 364}
 365
 366#if defined(CONFIG_KWB_SECURE)
 367static void kwb_msg(const char *fmt, ...)
 368{
 369        if (verbose_mode) {
 370                va_list ap;
 371
 372                va_start(ap, fmt);
 373                vfprintf(stdout, fmt, ap);
 374                va_end(ap);
 375        }
 376}
 377
 378static int openssl_err(const char *msg)
 379{
 380        unsigned long ssl_err = ERR_get_error();
 381
 382        fprintf(stderr, "%s", msg);
 383        fprintf(stderr, ": %s\n",
 384                ERR_error_string(ssl_err, 0));
 385
 386        return -1;
 387}
 388
 389static int kwb_load_rsa_key(const char *keydir, const char *name, RSA **p_rsa)
 390{
 391        char path[PATH_MAX];
 392        RSA *rsa;
 393        FILE *f;
 394
 395        if (!keydir)
 396                keydir = ".";
 397
 398        snprintf(path, sizeof(path), "%s/%s.key", keydir, name);
 399        f = fopen(path, "r");
 400        if (!f) {
 401                fprintf(stderr, "Couldn't open RSA private key: '%s': %s\n",
 402                        path, strerror(errno));
 403                return -ENOENT;
 404        }
 405
 406        rsa = PEM_read_RSAPrivateKey(f, 0, NULL, "");
 407        if (!rsa) {
 408                openssl_err("Failure reading private key");
 409                fclose(f);
 410                return -EPROTO;
 411        }
 412        fclose(f);
 413        *p_rsa = rsa;
 414
 415        return 0;
 416}
 417
 418static int kwb_load_cfg_key(struct image_tool_params *params,
 419                            unsigned int cfg_option, const char *key_name,
 420                            RSA **p_key)
 421{
 422        struct image_cfg_element *e_key;
 423        RSA *key;
 424        int res;
 425
 426        *p_key = NULL;
 427
 428        e_key = image_find_option(cfg_option);
 429        if (!e_key) {
 430                fprintf(stderr, "%s not configured\n", key_name);
 431                return -ENOENT;
 432        }
 433
 434        res = kwb_load_rsa_key(params->keydir, e_key->key_name, &key);
 435        if (res < 0) {
 436                fprintf(stderr, "Failed to load %s\n", key_name);
 437                return -ENOENT;
 438        }
 439
 440        *p_key = key;
 441
 442        return 0;
 443}
 444
 445static int kwb_load_kak(struct image_tool_params *params, RSA **p_kak)
 446{
 447        return kwb_load_cfg_key(params, IMAGE_CFG_KAK, "KAK", p_kak);
 448}
 449
 450static int kwb_load_csk(struct image_tool_params *params, RSA **p_csk)
 451{
 452        return kwb_load_cfg_key(params, IMAGE_CFG_CSK, "CSK", p_csk);
 453}
 454
 455static int kwb_compute_pubkey_hash(struct pubkey_der_v1 *pk,
 456                                   struct hash_v1 *hash)
 457{
 458        EVP_MD_CTX *ctx;
 459        unsigned int key_size;
 460        unsigned int hash_size;
 461        int ret = 0;
 462
 463        if (!pk || !hash || pk->key[0] != 0x30 || pk->key[1] != 0x82)
 464                return -EINVAL;
 465
 466        key_size = (pk->key[2] << 8) + pk->key[3] + 4;
 467
 468        ctx = EVP_MD_CTX_create();
 469        if (!ctx)
 470                return openssl_err("EVP context creation failed");
 471
 472        EVP_MD_CTX_init(ctx);
 473        if (!EVP_DigestInit(ctx, EVP_sha256())) {
 474                ret = openssl_err("Digest setup failed");
 475                goto hash_err_ctx;
 476        }
 477
 478        if (!EVP_DigestUpdate(ctx, pk->key, key_size)) {
 479                ret = openssl_err("Hashing data failed");
 480                goto hash_err_ctx;
 481        }
 482
 483        if (!EVP_DigestFinal(ctx, hash->hash, &hash_size)) {
 484                ret = openssl_err("Could not obtain hash");
 485                goto hash_err_ctx;
 486        }
 487
 488        EVP_MD_CTX_cleanup(ctx);
 489
 490hash_err_ctx:
 491        EVP_MD_CTX_destroy(ctx);
 492        return ret;
 493}
 494
 495static int kwb_import_pubkey(RSA **key, struct pubkey_der_v1 *src, char *keyname)
 496{
 497        RSA *rsa;
 498        const unsigned char *ptr;
 499
 500        if (!key || !src)
 501                goto fail;
 502
 503        ptr = src->key;
 504        rsa = d2i_RSAPublicKey(key, &ptr, sizeof(src->key));
 505        if (!rsa) {
 506                openssl_err("error decoding public key");
 507                goto fail;
 508        }
 509
 510        return 0;
 511fail:
 512        fprintf(stderr, "Failed to decode %s pubkey\n", keyname);
 513        return -EINVAL;
 514}
 515
 516static int kwb_export_pubkey(RSA *key, struct pubkey_der_v1 *dst, FILE *hashf,
 517                             char *keyname)
 518{
 519        int size_exp, size_mod, size_seq;
 520        const BIGNUM *key_e, *key_n;
 521        uint8_t *cur;
 522        char *errmsg = "Failed to encode %s\n";
 523
 524        RSA_get0_key(key, NULL, &key_e, NULL);
 525        RSA_get0_key(key, &key_n, NULL, NULL);
 526
 527        if (!key || !key_e || !key_n || !dst) {
 528                fprintf(stderr, "export pk failed: (%p, %p, %p, %p)",
 529                        key, key_e, key_n, dst);
 530                fprintf(stderr, errmsg, keyname);
 531                return -EINVAL;
 532        }
 533
 534        /*
 535         * According to the specs, the key should be PKCS#1 DER encoded.
 536         * But unfortunately the really required encoding seems to be different;
 537         * it violates DER...! (But it still conformes to BER.)
 538         * (Length always in long form w/ 2 byte length code; no leading zero
 539         * when MSB of first byte is set...)
 540         * So we cannot use the encoding func provided by OpenSSL and have to
 541         * do the encoding manually.
 542         */
 543
 544        size_exp = BN_num_bytes(key_e);
 545        size_mod = BN_num_bytes(key_n);
 546        size_seq = 4 + size_mod + 4 + size_exp;
 547
 548        if (size_mod > 256) {
 549                fprintf(stderr, "export pk failed: wrong mod size: %d\n",
 550                        size_mod);
 551                fprintf(stderr, errmsg, keyname);
 552                return -EINVAL;
 553        }
 554
 555        if (4 + size_seq > sizeof(dst->key)) {
 556                fprintf(stderr, "export pk failed: seq too large (%d, %lu)\n",
 557                        4 + size_seq, sizeof(dst->key));
 558                fprintf(stderr, errmsg, keyname);
 559                return -ENOBUFS;
 560        }
 561
 562        cur = dst->key;
 563
 564        /* PKCS#1 (RFC3447) RSAPublicKey structure */
 565        *cur++ = 0x30;          /* SEQUENCE */
 566        *cur++ = 0x82;
 567        *cur++ = (size_seq >> 8) & 0xFF;
 568        *cur++ = size_seq & 0xFF;
 569        /* Modulus */
 570        *cur++ = 0x02;          /* INTEGER */
 571        *cur++ = 0x82;
 572        *cur++ = (size_mod >> 8) & 0xFF;
 573        *cur++ = size_mod & 0xFF;
 574        BN_bn2bin(key_n, cur);
 575        cur += size_mod;
 576        /* Exponent */
 577        *cur++ = 0x02;          /* INTEGER */
 578        *cur++ = 0x82;
 579        *cur++ = (size_exp >> 8) & 0xFF;
 580        *cur++ = size_exp & 0xFF;
 581        BN_bn2bin(key_e, cur);
 582
 583        if (hashf) {
 584                struct hash_v1 pk_hash;
 585                int i;
 586                int ret = 0;
 587
 588                ret = kwb_compute_pubkey_hash(dst, &pk_hash);
 589                if (ret < 0) {
 590                        fprintf(stderr, errmsg, keyname);
 591                        return ret;
 592                }
 593
 594                fprintf(hashf, "SHA256 = ");
 595                for (i = 0 ; i < sizeof(pk_hash.hash); ++i)
 596                        fprintf(hashf, "%02X", pk_hash.hash[i]);
 597                fprintf(hashf, "\n");
 598        }
 599
 600        return 0;
 601}
 602
 603int kwb_sign(RSA *key, void *data, int datasz, struct sig_v1 *sig, char *signame)
 604{
 605        EVP_PKEY *evp_key;
 606        EVP_MD_CTX *ctx;
 607        unsigned int sig_size;
 608        int size;
 609        int ret = 0;
 610
 611        evp_key = EVP_PKEY_new();
 612        if (!evp_key)
 613                return openssl_err("EVP_PKEY object creation failed");
 614
 615        if (!EVP_PKEY_set1_RSA(evp_key, key)) {
 616                ret = openssl_err("EVP key setup failed");
 617                goto err_key;
 618        }
 619
 620        size = EVP_PKEY_size(evp_key);
 621        if (size > sizeof(sig->sig)) {
 622                fprintf(stderr, "Buffer to small for signature (%d bytes)\n",
 623                        size);
 624                ret = -ENOBUFS;
 625                goto err_key;
 626        }
 627
 628        ctx = EVP_MD_CTX_create();
 629        if (!ctx) {
 630                ret = openssl_err("EVP context creation failed");
 631                goto err_key;
 632        }
 633        EVP_MD_CTX_init(ctx);
 634        if (!EVP_SignInit(ctx, EVP_sha256())) {
 635                ret = openssl_err("Signer setup failed");
 636                goto err_ctx;
 637        }
 638
 639        if (!EVP_SignUpdate(ctx, data, datasz)) {
 640                ret = openssl_err("Signing data failed");
 641                goto err_ctx;
 642        }
 643
 644        if (!EVP_SignFinal(ctx, sig->sig, &sig_size, evp_key)) {
 645                ret = openssl_err("Could not obtain signature");
 646                goto err_ctx;
 647        }
 648
 649        EVP_MD_CTX_cleanup(ctx);
 650        EVP_MD_CTX_destroy(ctx);
 651        EVP_PKEY_free(evp_key);
 652
 653        return 0;
 654
 655err_ctx:
 656        EVP_MD_CTX_destroy(ctx);
 657err_key:
 658        EVP_PKEY_free(evp_key);
 659        fprintf(stderr, "Failed to create %s signature\n", signame);
 660        return ret;
 661}
 662
 663int kwb_verify(RSA *key, void *data, int datasz, struct sig_v1 *sig,
 664               char *signame)
 665{
 666        EVP_PKEY *evp_key;
 667        EVP_MD_CTX *ctx;
 668        int size;
 669        int ret = 0;
 670
 671        evp_key = EVP_PKEY_new();
 672        if (!evp_key)
 673                return openssl_err("EVP_PKEY object creation failed");
 674
 675        if (!EVP_PKEY_set1_RSA(evp_key, key)) {
 676                ret = openssl_err("EVP key setup failed");
 677                goto err_key;
 678        }
 679
 680        size = EVP_PKEY_size(evp_key);
 681        if (size > sizeof(sig->sig)) {
 682                fprintf(stderr, "Invalid signature size (%d bytes)\n",
 683                        size);
 684                ret = -EINVAL;
 685                goto err_key;
 686        }
 687
 688        ctx = EVP_MD_CTX_create();
 689        if (!ctx) {
 690                ret = openssl_err("EVP context creation failed");
 691                goto err_key;
 692        }
 693        EVP_MD_CTX_init(ctx);
 694        if (!EVP_VerifyInit(ctx, EVP_sha256())) {
 695                ret = openssl_err("Verifier setup failed");
 696                goto err_ctx;
 697        }
 698
 699        if (!EVP_VerifyUpdate(ctx, data, datasz)) {
 700                ret = openssl_err("Hashing data failed");
 701                goto err_ctx;
 702        }
 703
 704        if (!EVP_VerifyFinal(ctx, sig->sig, sizeof(sig->sig), evp_key)) {
 705                ret = openssl_err("Could not verify signature");
 706                goto err_ctx;
 707        }
 708
 709        EVP_MD_CTX_cleanup(ctx);
 710        EVP_MD_CTX_destroy(ctx);
 711        EVP_PKEY_free(evp_key);
 712
 713        return 0;
 714
 715err_ctx:
 716        EVP_MD_CTX_destroy(ctx);
 717err_key:
 718        EVP_PKEY_free(evp_key);
 719        fprintf(stderr, "Failed to verify %s signature\n", signame);
 720        return ret;
 721}
 722
 723int kwb_sign_and_verify(RSA *key, void *data, int datasz, struct sig_v1 *sig,
 724                        char *signame)
 725{
 726        if (kwb_sign(key, data, datasz, sig, signame) < 0)
 727                return -1;
 728
 729        if (kwb_verify(key, data, datasz, sig, signame) < 0)
 730                return -1;
 731
 732        return 0;
 733}
 734
 735
 736int kwb_dump_fuse_cmds_38x(FILE *out, struct secure_hdr_v1 *sec_hdr)
 737{
 738        struct hash_v1 kak_pub_hash;
 739        struct image_cfg_element *e;
 740        unsigned int fuse_line;
 741        int i, idx;
 742        uint8_t *ptr;
 743        uint32_t val;
 744        int ret = 0;
 745
 746        if (!out || !sec_hdr)
 747                return -EINVAL;
 748
 749        ret = kwb_compute_pubkey_hash(&sec_hdr->kak, &kak_pub_hash);
 750        if (ret < 0)
 751                goto done;
 752
 753        fprintf(out, "# burn KAK pub key hash\n");
 754        ptr = kak_pub_hash.hash;
 755        for (fuse_line = 26; fuse_line <= 30; ++fuse_line) {
 756                fprintf(out, "fuse prog -y %u 0 ", fuse_line);
 757
 758                for (i = 4; i-- > 0;)
 759                        fprintf(out, "%02hx", (ushort)ptr[i]);
 760                ptr += 4;
 761                fprintf(out, " 00");
 762
 763                if (fuse_line < 30) {
 764                        for (i = 3; i-- > 0;)
 765                                fprintf(out, "%02hx", (ushort)ptr[i]);
 766                        ptr += 3;
 767                } else {
 768                        fprintf(out, "000000");
 769                }
 770
 771                fprintf(out, " 1\n");
 772        }
 773
 774        fprintf(out, "# burn CSK selection\n");
 775
 776        idx = image_get_csk_index();
 777        if (idx < 0 || idx > 15) {
 778                ret = -EINVAL;
 779                goto done;
 780        }
 781        if (idx > 0) {
 782                for (fuse_line = 31; fuse_line < 31 + idx; ++fuse_line)
 783                        fprintf(out, "fuse prog -y %u 0 00000001 00000000 1\n",
 784                                fuse_line);
 785        } else {
 786                fprintf(out, "# CSK index is 0; no mods needed\n");
 787        }
 788
 789        e = image_find_option(IMAGE_CFG_BOX_ID);
 790        if (e) {
 791                fprintf(out, "# set box ID\n");
 792                fprintf(out, "fuse prog -y 48 0 %08x 00000000 1\n", e->boxid);
 793        }
 794
 795        e = image_find_option(IMAGE_CFG_FLASH_ID);
 796        if (e) {
 797                fprintf(out, "# set flash ID\n");
 798                fprintf(out, "fuse prog -y 47 0 %08x 00000000 1\n", e->flashid);
 799        }
 800
 801        fprintf(out, "# enable secure mode ");
 802        fprintf(out, "(must be the last fuse line written)\n");
 803
 804        val = 1;
 805        e = image_find_option(IMAGE_CFG_SEC_BOOT_DEV);
 806        if (!e) {
 807                fprintf(stderr, "ERROR: secured mode boot device not given\n");
 808                ret = -EINVAL;
 809                goto done;
 810        }
 811
 812        if (e->sec_boot_dev > 0xff) {
 813                fprintf(stderr, "ERROR: secured mode boot device invalid\n");
 814                ret = -EINVAL;
 815                goto done;
 816        }
 817
 818        val |= (e->sec_boot_dev << 8);
 819
 820        fprintf(out, "fuse prog -y 24 0 %08x 0103e0a9 1\n", val);
 821
 822        fprintf(out, "# lock (unused) fuse lines (0-23)s\n");
 823        for (fuse_line = 0; fuse_line < 24; ++fuse_line)
 824                fprintf(out, "fuse prog -y %u 2 1\n", fuse_line);
 825
 826        fprintf(out, "# OK, that's all :-)\n");
 827
 828done:
 829        return ret;
 830}
 831
 832static int kwb_dump_fuse_cmds(struct secure_hdr_v1 *sec_hdr)
 833{
 834        int ret = 0;
 835        struct image_cfg_element *e;
 836
 837        e = image_find_option(IMAGE_CFG_SEC_FUSE_DUMP);
 838        if (!e)
 839                return 0;
 840
 841        if (!strcmp(e->name, "a38x")) {
 842                FILE *out = fopen("kwb_fuses_a38x.txt", "w+");
 843
 844                kwb_dump_fuse_cmds_38x(out, sec_hdr);
 845                fclose(out);
 846                goto done;
 847        }
 848
 849        ret = -ENOSYS;
 850
 851done:
 852        return ret;
 853}
 854
 855#endif
 856
 857static void *image_create_v0(size_t *imagesz, struct image_tool_params *params,
 858                             int payloadsz)
 859{
 860        struct image_cfg_element *e;
 861        size_t headersz;
 862        struct main_hdr_v0 *main_hdr;
 863        uint8_t *image;
 864        int has_ext = 0;
 865
 866        /*
 867         * Calculate the size of the header and the size of the
 868         * payload
 869         */
 870        headersz  = sizeof(struct main_hdr_v0);
 871
 872        if (image_count_options(IMAGE_CFG_DATA) > 0) {
 873                has_ext = 1;
 874                headersz += sizeof(struct ext_hdr_v0);
 875        }
 876
 877        if (image_count_options(IMAGE_CFG_PAYLOAD) > 1) {
 878                fprintf(stderr, "More than one payload, not possible\n");
 879                return NULL;
 880        }
 881
 882        image = malloc(headersz);
 883        if (!image) {
 884                fprintf(stderr, "Cannot allocate memory for image\n");
 885                return NULL;
 886        }
 887
 888        memset(image, 0, headersz);
 889
 890        main_hdr = (struct main_hdr_v0 *)image;
 891
 892        /* Fill in the main header */
 893        main_hdr->blocksize =
 894                cpu_to_le32(payloadsz + sizeof(uint32_t) - headersz);
 895        main_hdr->srcaddr   = cpu_to_le32(headersz);
 896        main_hdr->ext       = has_ext;
 897        main_hdr->destaddr  = cpu_to_le32(params->addr);
 898        main_hdr->execaddr  = cpu_to_le32(params->ep);
 899
 900        e = image_find_option(IMAGE_CFG_BOOT_FROM);
 901        if (e)
 902                main_hdr->blockid = e->bootfrom;
 903        e = image_find_option(IMAGE_CFG_NAND_ECC_MODE);
 904        if (e)
 905                main_hdr->nandeccmode = e->nandeccmode;
 906        e = image_find_option(IMAGE_CFG_NAND_PAGESZ);
 907        if (e)
 908                main_hdr->nandpagesize = cpu_to_le16(e->nandpagesz);
 909        main_hdr->checksum = image_checksum8(image,
 910                                             sizeof(struct main_hdr_v0));
 911
 912        /* Generate the ext header */
 913        if (has_ext) {
 914                struct ext_hdr_v0 *ext_hdr;
 915                int cfgi, datai;
 916
 917                ext_hdr = (struct ext_hdr_v0 *)
 918                                (image + sizeof(struct main_hdr_v0));
 919                ext_hdr->offset = cpu_to_le32(0x40);
 920
 921                for (cfgi = 0, datai = 0; cfgi < cfgn; cfgi++) {
 922                        e = &image_cfg[cfgi];
 923                        if (e->type != IMAGE_CFG_DATA)
 924                                continue;
 925
 926                        ext_hdr->rcfg[datai].raddr =
 927                                cpu_to_le32(e->regdata.raddr);
 928                        ext_hdr->rcfg[datai].rdata =
 929                                cpu_to_le32(e->regdata.rdata);
 930                        datai++;
 931                }
 932
 933                ext_hdr->checksum = image_checksum8(ext_hdr,
 934                                                    sizeof(struct ext_hdr_v0));
 935        }
 936
 937        *imagesz = headersz;
 938        return image;
 939}
 940
 941static size_t image_headersz_v1(int *hasext)
 942{
 943        struct image_cfg_element *binarye;
 944        size_t headersz;
 945
 946        /*
 947         * Calculate the size of the header and the size of the
 948         * payload
 949         */
 950        headersz = sizeof(struct main_hdr_v1);
 951
 952        if (image_count_options(IMAGE_CFG_BINARY) > 1) {
 953                fprintf(stderr, "More than one binary blob, not supported\n");
 954                return 0;
 955        }
 956
 957        if (image_count_options(IMAGE_CFG_PAYLOAD) > 1) {
 958                fprintf(stderr, "More than one payload, not possible\n");
 959                return 0;
 960        }
 961
 962        binarye = image_find_option(IMAGE_CFG_BINARY);
 963        if (binarye) {
 964                int ret;
 965                struct stat s;
 966
 967                ret = stat(binarye->binary.file, &s);
 968                if (ret < 0) {
 969                        char cwd[PATH_MAX];
 970                        char *dir = cwd;
 971
 972                        memset(cwd, 0, sizeof(cwd));
 973                        if (!getcwd(cwd, sizeof(cwd))) {
 974                                dir = "current working directory";
 975                                perror("getcwd() failed");
 976                        }
 977
 978                        fprintf(stderr,
 979                                "Didn't find the file '%s' in '%s' which is mandatory to generate the image\n"
 980                                "This file generally contains the DDR3 training code, and should be extracted from an existing bootable\n"
 981                                "image for your board. See 'kwbimage -x' to extract it from an existing image.\n",
 982                                binarye->binary.file, dir);
 983                        return 0;
 984                }
 985
 986                headersz += sizeof(struct opt_hdr_v1) +
 987                        s.st_size +
 988                        (binarye->binary.nargs + 2) * sizeof(uint32_t);
 989                if (hasext)
 990                        *hasext = 1;
 991        }
 992
 993#if defined(CONFIG_KWB_SECURE)
 994        if (image_get_csk_index() >= 0) {
 995                headersz += sizeof(struct secure_hdr_v1);
 996                if (hasext)
 997                        *hasext = 1;
 998        }
 999#endif
1000
1001#if defined(CONFIG_SYS_U_BOOT_OFFS)
1002        if (headersz > CONFIG_SYS_U_BOOT_OFFS) {
1003                fprintf(stderr,
1004                        "Error: Image header (incl. SPL image) too big!\n");
1005                fprintf(stderr, "header=0x%x CONFIG_SYS_U_BOOT_OFFS=0x%x!\n",
1006                        (int)headersz, CONFIG_SYS_U_BOOT_OFFS);
1007                fprintf(stderr, "Increase CONFIG_SYS_U_BOOT_OFFS!\n");
1008                return 0;
1009        }
1010
1011        headersz = CONFIG_SYS_U_BOOT_OFFS;
1012#endif
1013
1014        /*
1015         * The payload should be aligned on some reasonable
1016         * boundary
1017         */
1018        return ALIGN_SUP(headersz, 4096);
1019}
1020
1021int add_binary_header_v1(uint8_t *cur)
1022{
1023        struct image_cfg_element *binarye;
1024        struct opt_hdr_v1 *hdr = (struct opt_hdr_v1 *)cur;
1025        uint32_t *args;
1026        size_t binhdrsz;
1027        struct stat s;
1028        int argi;
1029        FILE *bin;
1030        int ret;
1031
1032        binarye = image_find_option(IMAGE_CFG_BINARY);
1033
1034        if (!binarye)
1035                return 0;
1036
1037        hdr->headertype = OPT_HDR_V1_BINARY_TYPE;
1038
1039        bin = fopen(binarye->binary.file, "r");
1040        if (!bin) {
1041                fprintf(stderr, "Cannot open binary file %s\n",
1042                        binarye->binary.file);
1043                return -1;
1044        }
1045
1046        if (fstat(fileno(bin), &s)) {
1047                fprintf(stderr, "Cannot stat binary file %s\n",
1048                        binarye->binary.file);
1049                goto err_close;
1050        }
1051
1052        binhdrsz = sizeof(struct opt_hdr_v1) +
1053                (binarye->binary.nargs + 2) * sizeof(uint32_t) +
1054                s.st_size;
1055
1056        /*
1057         * The size includes the binary image size, rounded
1058         * up to a 4-byte boundary. Plus 4 bytes for the
1059         * next-header byte and 3-byte alignment at the end.
1060         */
1061        binhdrsz = ALIGN_SUP(binhdrsz, 4) + 4;
1062        hdr->headersz_lsb = cpu_to_le16(binhdrsz & 0xFFFF);
1063        hdr->headersz_msb = (binhdrsz & 0xFFFF0000) >> 16;
1064
1065        cur += sizeof(struct opt_hdr_v1);
1066
1067        args = (uint32_t *)cur;
1068        *args = cpu_to_le32(binarye->binary.nargs);
1069        args++;
1070        for (argi = 0; argi < binarye->binary.nargs; argi++)
1071                args[argi] = cpu_to_le32(binarye->binary.args[argi]);
1072
1073        cur += (binarye->binary.nargs + 1) * sizeof(uint32_t);
1074
1075        ret = fread(cur, s.st_size, 1, bin);
1076        if (ret != 1) {
1077                fprintf(stderr,
1078                        "Could not read binary image %s\n",
1079                        binarye->binary.file);
1080                goto err_close;
1081        }
1082
1083        fclose(bin);
1084
1085        cur += ALIGN_SUP(s.st_size, 4);
1086
1087        /*
1088         * For now, we don't support more than one binary
1089         * header, and no other header types are
1090         * supported. So, the binary header is necessarily the
1091         * last one
1092         */
1093        *((uint32_t *)cur) = 0x00000000;
1094
1095        cur += sizeof(uint32_t);
1096
1097        return 0;
1098
1099err_close:
1100        fclose(bin);
1101
1102        return -1;
1103}
1104
1105#if defined(CONFIG_KWB_SECURE)
1106
1107int export_pub_kak_hash(RSA *kak, struct secure_hdr_v1 *secure_hdr)
1108{
1109        FILE *hashf;
1110        int res;
1111
1112        hashf = fopen("pub_kak_hash.txt", "w");
1113
1114        res = kwb_export_pubkey(kak, &secure_hdr->kak, hashf, "KAK");
1115
1116        fclose(hashf);
1117
1118        return res < 0 ? 1 : 0;
1119}
1120
1121int kwb_sign_csk_with_kak(struct image_tool_params *params,
1122                          struct secure_hdr_v1 *secure_hdr, RSA *csk)
1123{
1124        RSA *kak = NULL;
1125        RSA *kak_pub = NULL;
1126        int csk_idx = image_get_csk_index();
1127        struct sig_v1 tmp_sig;
1128
1129        if (csk_idx >= 16) {
1130                fprintf(stderr, "Invalid CSK index %d\n", csk_idx);
1131                return 1;
1132        }
1133
1134        if (kwb_load_kak(params, &kak) < 0)
1135                return 1;
1136
1137        if (export_pub_kak_hash(kak, secure_hdr))
1138                return 1;
1139
1140        if (kwb_import_pubkey(&kak_pub, &secure_hdr->kak, "KAK") < 0)
1141                return 1;
1142
1143        if (kwb_export_pubkey(csk, &secure_hdr->csk[csk_idx], NULL, "CSK") < 0)
1144                return 1;
1145
1146        if (kwb_sign_and_verify(kak, &secure_hdr->csk,
1147                                sizeof(secure_hdr->csk) +
1148                                sizeof(secure_hdr->csksig),
1149                                &tmp_sig, "CSK") < 0)
1150                return 1;
1151
1152        if (kwb_verify(kak_pub, &secure_hdr->csk,
1153                       sizeof(secure_hdr->csk) +
1154                       sizeof(secure_hdr->csksig),
1155                       &tmp_sig, "CSK (2)") < 0)
1156                return 1;
1157
1158        secure_hdr->csksig = tmp_sig;
1159
1160        return 0;
1161}
1162
1163int add_secure_header_v1(struct image_tool_params *params, uint8_t *ptr,
1164                         int payloadsz, size_t headersz, uint8_t *image,
1165                         struct secure_hdr_v1 *secure_hdr)
1166{
1167        struct image_cfg_element *e_jtagdelay;
1168        struct image_cfg_element *e_boxid;
1169        struct image_cfg_element *e_flashid;
1170        RSA *csk = NULL;
1171        unsigned char *image_ptr;
1172        size_t image_size;
1173        struct sig_v1 tmp_sig;
1174        bool specialized_img = image_get_spezialized_img();
1175
1176        kwb_msg("Create secure header content\n");
1177
1178        e_jtagdelay = image_find_option(IMAGE_CFG_JTAG_DELAY);
1179        e_boxid = image_find_option(IMAGE_CFG_BOX_ID);
1180        e_flashid = image_find_option(IMAGE_CFG_FLASH_ID);
1181
1182        if (kwb_load_csk(params, &csk) < 0)
1183                return 1;
1184
1185        secure_hdr->headertype = OPT_HDR_V1_SECURE_TYPE;
1186        secure_hdr->headersz_msb = 0;
1187        secure_hdr->headersz_lsb = cpu_to_le16(sizeof(struct secure_hdr_v1));
1188        if (e_jtagdelay)
1189                secure_hdr->jtag_delay = e_jtagdelay->jtag_delay;
1190        if (e_boxid && specialized_img)
1191                secure_hdr->boxid = cpu_to_le32(e_boxid->boxid);
1192        if (e_flashid && specialized_img)
1193                secure_hdr->flashid = cpu_to_le32(e_flashid->flashid);
1194
1195        if (kwb_sign_csk_with_kak(params, secure_hdr, csk))
1196                return 1;
1197
1198        image_ptr = ptr + headersz;
1199        image_size = payloadsz - headersz;
1200
1201        if (kwb_sign_and_verify(csk, image_ptr, image_size,
1202                                &secure_hdr->imgsig, "image") < 0)
1203                return 1;
1204
1205        if (kwb_sign_and_verify(csk, image, headersz, &tmp_sig, "header") < 0)
1206                return 1;
1207
1208        secure_hdr->hdrsig = tmp_sig;
1209
1210        kwb_dump_fuse_cmds(secure_hdr);
1211
1212        return 0;
1213}
1214#endif
1215
1216static void *image_create_v1(size_t *imagesz, struct image_tool_params *params,
1217                             uint8_t *ptr, int payloadsz)
1218{
1219        struct image_cfg_element *e;
1220        struct main_hdr_v1 *main_hdr;
1221#if defined(CONFIG_KWB_SECURE)
1222        struct secure_hdr_v1 *secure_hdr = NULL;
1223#endif
1224        size_t headersz;
1225        uint8_t *image, *cur;
1226        int hasext = 0;
1227        uint8_t *next_ext = NULL;
1228
1229        /*
1230         * Calculate the size of the header and the size of the
1231         * payload
1232         */
1233        headersz = image_headersz_v1(&hasext);
1234        if (headersz == 0)
1235                return NULL;
1236
1237        image = malloc(headersz);
1238        if (!image) {
1239                fprintf(stderr, "Cannot allocate memory for image\n");
1240                return NULL;
1241        }
1242
1243        memset(image, 0, headersz);
1244
1245        main_hdr = (struct main_hdr_v1 *)image;
1246        cur = image;
1247        cur += sizeof(struct main_hdr_v1);
1248        next_ext = &main_hdr->ext;
1249
1250        /* Fill the main header */
1251        main_hdr->blocksize    =
1252                cpu_to_le32(payloadsz - headersz + sizeof(uint32_t));
1253        main_hdr->headersz_lsb = cpu_to_le16(headersz & 0xFFFF);
1254        main_hdr->headersz_msb = (headersz & 0xFFFF0000) >> 16;
1255        main_hdr->destaddr     = cpu_to_le32(params->addr)
1256                                 - sizeof(image_header_t);
1257        main_hdr->execaddr     = cpu_to_le32(params->ep);
1258        main_hdr->srcaddr      = cpu_to_le32(headersz);
1259        main_hdr->ext          = hasext;
1260        main_hdr->version      = 1;
1261        e = image_find_option(IMAGE_CFG_BOOT_FROM);
1262        if (e)
1263                main_hdr->blockid = e->bootfrom;
1264        e = image_find_option(IMAGE_CFG_NAND_BLKSZ);
1265        if (e)
1266                main_hdr->nandblocksize = e->nandblksz / (64 * 1024);
1267        e = image_find_option(IMAGE_CFG_NAND_BADBLK_LOCATION);
1268        if (e)
1269                main_hdr->nandbadblklocation = e->nandbadblklocation;
1270        e = image_find_option(IMAGE_CFG_BAUDRATE);
1271        if (e)
1272                main_hdr->options = baudrate_to_option(e->baudrate);
1273        e = image_find_option(IMAGE_CFG_DEBUG);
1274        if (e)
1275                main_hdr->flags = e->debug ? 0x1 : 0;
1276
1277#if defined(CONFIG_KWB_SECURE)
1278        if (image_get_csk_index() >= 0) {
1279                /*
1280                 * only reserve the space here; we fill the header later since
1281                 * we need the header to be complete to compute the signatures
1282                 */
1283                secure_hdr = (struct secure_hdr_v1 *)cur;
1284                cur += sizeof(struct secure_hdr_v1);
1285                next_ext = &secure_hdr->next;
1286        }
1287#endif
1288        *next_ext = 1;
1289
1290        if (add_binary_header_v1(cur))
1291                return NULL;
1292
1293#if defined(CONFIG_KWB_SECURE)
1294        if (secure_hdr && add_secure_header_v1(params, ptr, payloadsz,
1295                                               headersz, image, secure_hdr))
1296                return NULL;
1297#endif
1298
1299        /* Calculate and set the header checksum */
1300        main_hdr->checksum = image_checksum8(main_hdr, headersz);
1301
1302        *imagesz = headersz;
1303        return image;
1304}
1305
1306int recognize_keyword(char *keyword)
1307{
1308        int kw_id;
1309
1310        for (kw_id = 1; kw_id < IMAGE_CFG_COUNT; ++kw_id)
1311                if (!strcmp(keyword, id_strs[kw_id]))
1312                        return kw_id;
1313
1314        return 0;
1315}
1316
1317static int image_create_config_parse_oneline(char *line,
1318                                             struct image_cfg_element *el)
1319{
1320        char *keyword, *saveptr, *value1, *value2;
1321        char delimiters[] = " \t";
1322        int keyword_id, ret, argi;
1323        char *unknown_msg = "Ignoring unknown line '%s'\n";
1324
1325        keyword = strtok_r(line, delimiters, &saveptr);
1326        keyword_id = recognize_keyword(keyword);
1327
1328        if (!keyword_id) {
1329                fprintf(stderr, unknown_msg, line);
1330                return 0;
1331        }
1332
1333        el->type = keyword_id;
1334
1335        value1 = strtok_r(NULL, delimiters, &saveptr);
1336
1337        if (!value1) {
1338                fprintf(stderr, "Parameter missing in line '%s'\n", line);
1339                return -1;
1340        }
1341
1342        switch (keyword_id) {
1343        case IMAGE_CFG_VERSION:
1344                el->version = atoi(value1);
1345                break;
1346        case IMAGE_CFG_BOOT_FROM:
1347                ret = image_boot_mode_id(value1);
1348
1349                if (ret < 0) {
1350                        fprintf(stderr, "Invalid boot media '%s'\n", value1);
1351                        return -1;
1352                }
1353                el->bootfrom = ret;
1354                break;
1355        case IMAGE_CFG_NAND_BLKSZ:
1356                el->nandblksz = strtoul(value1, NULL, 16);
1357                break;
1358        case IMAGE_CFG_NAND_BADBLK_LOCATION:
1359                el->nandbadblklocation = strtoul(value1, NULL, 16);
1360                break;
1361        case IMAGE_CFG_NAND_ECC_MODE:
1362                ret = image_nand_ecc_mode_id(value1);
1363
1364                if (ret < 0) {
1365                        fprintf(stderr, "Invalid NAND ECC mode '%s'\n", value1);
1366                        return -1;
1367                }
1368                el->nandeccmode = ret;
1369                break;
1370        case IMAGE_CFG_NAND_PAGESZ:
1371                el->nandpagesz = strtoul(value1, NULL, 16);
1372                break;
1373        case IMAGE_CFG_BINARY:
1374                argi = 0;
1375
1376                el->binary.file = strdup(value1);
1377                while (1) {
1378                        char *value = strtok_r(NULL, delimiters, &saveptr);
1379
1380                        if (!value)
1381                                break;
1382                        el->binary.args[argi] = strtoul(value, NULL, 16);
1383                        argi++;
1384                        if (argi >= BINARY_MAX_ARGS) {
1385                                fprintf(stderr,
1386                                        "Too many arguments for BINARY\n");
1387                                return -1;
1388                        }
1389                }
1390                el->binary.nargs = argi;
1391                break;
1392        case IMAGE_CFG_DATA:
1393                value2 = strtok_r(NULL, delimiters, &saveptr);
1394
1395                if (!value1 || !value2) {
1396                        fprintf(stderr,
1397                                "Invalid number of arguments for DATA\n");
1398                        return -1;
1399                }
1400
1401                el->regdata.raddr = strtoul(value1, NULL, 16);
1402                el->regdata.rdata = strtoul(value2, NULL, 16);
1403                break;
1404        case IMAGE_CFG_BAUDRATE:
1405                el->baudrate = strtoul(value1, NULL, 10);
1406                break;
1407        case IMAGE_CFG_DEBUG:
1408                el->debug = strtoul(value1, NULL, 10);
1409                break;
1410        case IMAGE_CFG_KAK:
1411                el->key_name = strdup(value1);
1412                break;
1413        case IMAGE_CFG_CSK:
1414                el->key_name = strdup(value1);
1415                break;
1416        case IMAGE_CFG_CSK_INDEX:
1417                el->csk_idx = strtol(value1, NULL, 0);
1418                break;
1419        case IMAGE_CFG_JTAG_DELAY:
1420                el->jtag_delay = strtoul(value1, NULL, 0);
1421                break;
1422        case IMAGE_CFG_BOX_ID:
1423                el->boxid = strtoul(value1, NULL, 0);
1424                break;
1425        case IMAGE_CFG_FLASH_ID:
1426                el->flashid = strtoul(value1, NULL, 0);
1427                break;
1428        case IMAGE_CFG_SEC_SPECIALIZED_IMG:
1429                el->sec_specialized_img = true;
1430                break;
1431        case IMAGE_CFG_SEC_COMMON_IMG:
1432                el->sec_specialized_img = false;
1433                break;
1434        case IMAGE_CFG_SEC_BOOT_DEV:
1435                el->sec_boot_dev = strtoul(value1, NULL, 0);
1436                break;
1437        case IMAGE_CFG_SEC_FUSE_DUMP:
1438                el->name = strdup(value1);
1439                break;
1440        default:
1441                fprintf(stderr, unknown_msg, line);
1442        }
1443
1444        return 0;
1445}
1446
1447/*
1448 * Parse the configuration file 'fcfg' into the array of configuration
1449 * elements 'image_cfg', and return the number of configuration
1450 * elements in 'cfgn'.
1451 */
1452static int image_create_config_parse(FILE *fcfg)
1453{
1454        int ret;
1455        int cfgi = 0;
1456
1457        /* Parse the configuration file */
1458        while (!feof(fcfg)) {
1459                char *line;
1460                char buf[256];
1461
1462                /* Read the current line */
1463                memset(buf, 0, sizeof(buf));
1464                line = fgets(buf, sizeof(buf), fcfg);
1465                if (!line)
1466                        break;
1467
1468                /* Ignore useless lines */
1469                if (line[0] == '\n' || line[0] == '#')
1470                        continue;
1471
1472                /* Strip final newline */
1473                if (line[strlen(line) - 1] == '\n')
1474                        line[strlen(line) - 1] = 0;
1475
1476                /* Parse the current line */
1477                ret = image_create_config_parse_oneline(line,
1478                                                        &image_cfg[cfgi]);
1479                if (ret)
1480                        return ret;
1481
1482                cfgi++;
1483
1484                if (cfgi >= IMAGE_CFG_ELEMENT_MAX) {
1485                        fprintf(stderr,
1486                                "Too many configuration elements in .cfg file\n");
1487                        return -1;
1488                }
1489        }
1490
1491        cfgn = cfgi;
1492        return 0;
1493}
1494
1495static int image_get_version(void)
1496{
1497        struct image_cfg_element *e;
1498
1499        e = image_find_option(IMAGE_CFG_VERSION);
1500        if (!e)
1501                return -1;
1502
1503        return e->version;
1504}
1505
1506static void kwbimage_set_header(void *ptr, struct stat *sbuf, int ifd,
1507                                struct image_tool_params *params)
1508{
1509        FILE *fcfg;
1510        void *image = NULL;
1511        int version;
1512        size_t headersz = 0;
1513        uint32_t checksum;
1514        int ret;
1515        int size;
1516
1517        fcfg = fopen(params->imagename, "r");
1518        if (!fcfg) {
1519                fprintf(stderr, "Could not open input file %s\n",
1520                        params->imagename);
1521                exit(EXIT_FAILURE);
1522        }
1523
1524        image_cfg = malloc(IMAGE_CFG_ELEMENT_MAX *
1525                           sizeof(struct image_cfg_element));
1526        if (!image_cfg) {
1527                fprintf(stderr, "Cannot allocate memory\n");
1528                fclose(fcfg);
1529                exit(EXIT_FAILURE);
1530        }
1531
1532        memset(image_cfg, 0,
1533               IMAGE_CFG_ELEMENT_MAX * sizeof(struct image_cfg_element));
1534        rewind(fcfg);
1535
1536        ret = image_create_config_parse(fcfg);
1537        fclose(fcfg);
1538        if (ret) {
1539                free(image_cfg);
1540                exit(EXIT_FAILURE);
1541        }
1542
1543        /* The MVEBU BootROM does not allow non word aligned payloads */
1544        sbuf->st_size = ALIGN_SUP(sbuf->st_size, 4);
1545
1546        version = image_get_version();
1547        switch (version) {
1548                /*
1549                 * Fallback to version 0 if no version is provided in the
1550                 * cfg file
1551                 */
1552        case -1:
1553        case 0:
1554                image = image_create_v0(&headersz, params, sbuf->st_size);
1555                break;
1556
1557        case 1:
1558                image = image_create_v1(&headersz, params, ptr, sbuf->st_size);
1559                break;
1560
1561        default:
1562                fprintf(stderr, "Unsupported version %d\n", version);
1563                free(image_cfg);
1564                exit(EXIT_FAILURE);
1565        }
1566
1567        if (!image) {
1568                fprintf(stderr, "Could not create image\n");
1569                free(image_cfg);
1570                exit(EXIT_FAILURE);
1571        }
1572
1573        free(image_cfg);
1574
1575        /* Build and add image checksum header */
1576        checksum =
1577                cpu_to_le32(image_checksum32((uint32_t *)ptr, sbuf->st_size));
1578        size = write(ifd, &checksum, sizeof(uint32_t));
1579        if (size != sizeof(uint32_t)) {
1580                fprintf(stderr, "Error:%s - Checksum write %d bytes %s\n",
1581                        params->cmdname, size, params->imagefile);
1582                exit(EXIT_FAILURE);
1583        }
1584
1585        sbuf->st_size += sizeof(uint32_t);
1586
1587        /* Finally copy the header into the image area */
1588        memcpy(ptr, image, headersz);
1589
1590        free(image);
1591}
1592
1593static void kwbimage_print_header(const void *ptr)
1594{
1595        struct main_hdr_v0 *mhdr = (struct main_hdr_v0 *)ptr;
1596
1597        printf("Image Type:   MVEBU Boot from %s Image\n",
1598               image_boot_mode_name(mhdr->blockid));
1599        printf("Image version:%d\n", image_version((void *)ptr));
1600        printf("Data Size:    ");
1601        genimg_print_size(mhdr->blocksize - sizeof(uint32_t));
1602        printf("Load Address: %08x\n", mhdr->destaddr);
1603        printf("Entry Point:  %08x\n", mhdr->execaddr);
1604}
1605
1606static int kwbimage_check_image_types(uint8_t type)
1607{
1608        if (type == IH_TYPE_KWBIMAGE)
1609                return EXIT_SUCCESS;
1610
1611        return EXIT_FAILURE;
1612}
1613
1614static int kwbimage_verify_header(unsigned char *ptr, int image_size,
1615                                  struct image_tool_params *params)
1616{
1617        uint8_t checksum;
1618        size_t header_size = kwbimage_header_size(ptr);
1619
1620        if (header_size > image_size)
1621                return -FDT_ERR_BADSTRUCTURE;
1622
1623        if (!main_hdr_checksum_ok(ptr))
1624                return -FDT_ERR_BADSTRUCTURE;
1625
1626        /* Only version 0 extended header has checksum */
1627        if (image_version((void *)ptr) == 0) {
1628                struct ext_hdr_v0 *ext_hdr;
1629
1630                ext_hdr = (struct ext_hdr_v0 *)
1631                                (ptr + sizeof(struct main_hdr_v0));
1632                checksum = image_checksum8(ext_hdr,
1633                                           sizeof(struct ext_hdr_v0)
1634                                           - sizeof(uint8_t));
1635                if (checksum != ext_hdr->checksum)
1636                        return -FDT_ERR_BADSTRUCTURE;
1637        }
1638
1639        return 0;
1640}
1641
1642static int kwbimage_generate(struct image_tool_params *params,
1643                             struct image_type_params *tparams)
1644{
1645        FILE *fcfg;
1646        int alloc_len;
1647        int version;
1648        void *hdr;
1649        int ret;
1650
1651        fcfg = fopen(params->imagename, "r");
1652        if (!fcfg) {
1653                fprintf(stderr, "Could not open input file %s\n",
1654                        params->imagename);
1655                exit(EXIT_FAILURE);
1656        }
1657
1658        image_cfg = malloc(IMAGE_CFG_ELEMENT_MAX *
1659                           sizeof(struct image_cfg_element));
1660        if (!image_cfg) {
1661                fprintf(stderr, "Cannot allocate memory\n");
1662                fclose(fcfg);
1663                exit(EXIT_FAILURE);
1664        }
1665
1666        memset(image_cfg, 0,
1667               IMAGE_CFG_ELEMENT_MAX * sizeof(struct image_cfg_element));
1668        rewind(fcfg);
1669
1670        ret = image_create_config_parse(fcfg);
1671        fclose(fcfg);
1672        if (ret) {
1673                free(image_cfg);
1674                exit(EXIT_FAILURE);
1675        }
1676
1677        version = image_get_version();
1678        switch (version) {
1679                /*
1680                 * Fallback to version 0 if no version is provided in the
1681                 * cfg file
1682                 */
1683        case -1:
1684        case 0:
1685                alloc_len = sizeof(struct main_hdr_v0) +
1686                        sizeof(struct ext_hdr_v0);
1687                break;
1688
1689        case 1:
1690                alloc_len = image_headersz_v1(NULL);
1691                break;
1692
1693        default:
1694                fprintf(stderr, "Unsupported version %d\n", version);
1695                free(image_cfg);
1696                exit(EXIT_FAILURE);
1697        }
1698
1699        free(image_cfg);
1700
1701        hdr = malloc(alloc_len);
1702        if (!hdr) {
1703                fprintf(stderr, "%s: malloc return failure: %s\n",
1704                        params->cmdname, strerror(errno));
1705                exit(EXIT_FAILURE);
1706        }
1707
1708        memset(hdr, 0, alloc_len);
1709        tparams->header_size = alloc_len;
1710        tparams->hdr = hdr;
1711
1712        /*
1713         * The resulting image needs to be 4-byte aligned. At least
1714         * the Marvell hdrparser tool complains if its unaligned.
1715         * By returning 1 here in this function, called via
1716         * tparams->vrec_header() in mkimage.c, mkimage will
1717         * automatically pad the the resulting image to a 4-byte
1718         * size if necessary.
1719         */
1720        return 1;
1721}
1722
1723/*
1724 * Report Error if xflag is set in addition to default
1725 */
1726static int kwbimage_check_params(struct image_tool_params *params)
1727{
1728        if (!strlen(params->imagename)) {
1729                char *msg = "Configuration file for kwbimage creation omitted";
1730
1731                fprintf(stderr, "Error:%s - %s\n", params->cmdname, msg);
1732                return CFG_INVALID;
1733        }
1734
1735        return (params->dflag && (params->fflag || params->lflag)) ||
1736                (params->fflag && (params->dflag || params->lflag)) ||
1737                (params->lflag && (params->dflag || params->fflag)) ||
1738                (params->xflag) || !(strlen(params->imagename));
1739}
1740
1741/*
1742 * kwbimage type parameters definition
1743 */
1744U_BOOT_IMAGE_TYPE(
1745        kwbimage,
1746        "Marvell MVEBU Boot Image support",
1747        0,
1748        NULL,
1749        kwbimage_check_params,
1750        kwbimage_verify_header,
1751        kwbimage_print_header,
1752        kwbimage_set_header,
1753        NULL,
1754        kwbimage_check_image_types,
1755        NULL,
1756        kwbimage_generate
1757);
1758