1 // SPDX-License-Identifier: GPL-2.0+
2 /*
3 * Freescale i.MX23/i.MX28 SB image generator
4 *
5 * Copyright (C) 2012-2013 Marek Vasut <marex@denx.de>
6 */
7
8 #ifdef CONFIG_MXS
9
10 #include <errno.h>
11 #include <fcntl.h>
12 #include <stdio.h>
13 #include <string.h>
14 #include <unistd.h>
15 #include <limits.h>
16
17 #include <openssl/evp.h>
18
19 #include "imagetool.h"
20 #include "mxsimage.h"
21 #include "pbl_crc32.h"
22 #include <image.h>
23
24 /*
25 * OpenSSL 1.1.0 and newer compatibility functions:
26 * https://wiki.openssl.org/index.php/1.1_API_Changes
27 */
28 #if OPENSSL_VERSION_NUMBER < 0x10100000L || \
29 (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
OPENSSL_zalloc(size_t num)30 static void *OPENSSL_zalloc(size_t num)
31 {
32 void *ret = OPENSSL_malloc(num);
33
34 if (ret != NULL)
35 memset(ret, 0, num);
36 return ret;
37 }
38
EVP_MD_CTX_new(void)39 EVP_MD_CTX *EVP_MD_CTX_new(void)
40 {
41 return OPENSSL_zalloc(sizeof(EVP_MD_CTX));
42 }
43
EVP_MD_CTX_free(EVP_MD_CTX * ctx)44 void EVP_MD_CTX_free(EVP_MD_CTX *ctx)
45 {
46 EVP_MD_CTX_cleanup(ctx);
47 OPENSSL_free(ctx);
48 }
49
EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX * ctx)50 int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *ctx)
51 {
52 return EVP_CIPHER_CTX_cleanup(ctx);
53 }
54 #endif
55
56 /*
57 * DCD block
58 * |-Write to address command block
59 * | 0xf00 == 0xf33d
60 * | 0xba2 == 0xb33f
61 * |-ORR address with mask command block
62 * | 0xf00 |= 0x1337
63 * |-Write to address command block
64 * | 0xba2 == 0xd00d
65 * :
66 */
67 #define SB_HAB_DCD_WRITE 0xccUL
68 #define SB_HAB_DCD_CHECK 0xcfUL
69 #define SB_HAB_DCD_NOOP 0xc0UL
70 #define SB_HAB_DCD_MASK_BIT (1 << 3)
71 #define SB_HAB_DCD_SET_BIT (1 << 4)
72
73 /* Addr.n = Value.n */
74 #define SB_DCD_WRITE \
75 (SB_HAB_DCD_WRITE << 24)
76 /* Addr.n &= ~Value.n */
77 #define SB_DCD_ANDC \
78 ((SB_HAB_DCD_WRITE << 24) | SB_HAB_DCD_SET_BIT)
79 /* Addr.n |= Value.n */
80 #define SB_DCD_ORR \
81 ((SB_HAB_DCD_WRITE << 24) | SB_HAB_DCD_SET_BIT | SB_HAB_DCD_MASK_BIT)
82 /* (Addr.n & Value.n) == 0 */
83 #define SB_DCD_CHK_EQZ \
84 (SB_HAB_DCD_CHECK << 24)
85 /* (Addr.n & Value.n) == Value.n */
86 #define SB_DCD_CHK_EQ \
87 ((SB_HAB_DCD_CHECK << 24) | SB_HAB_DCD_SET_BIT)
88 /* (Addr.n & Value.n) != Value.n */
89 #define SB_DCD_CHK_NEQ \
90 ((SB_HAB_DCD_CHECK << 24) | SB_HAB_DCD_MASK_BIT)
91 /* (Addr.n & Value.n) != 0 */
92 #define SB_DCD_CHK_NEZ \
93 ((SB_HAB_DCD_CHECK << 24) | SB_HAB_DCD_SET_BIT | SB_HAB_DCD_MASK_BIT)
94 /* NOP */
95 #define SB_DCD_NOOP \
96 (SB_HAB_DCD_NOOP << 24)
97
98 struct sb_dcd_ctx {
99 struct sb_dcd_ctx *dcd;
100
101 uint32_t id;
102
103 /* The DCD block. */
104 uint32_t *payload;
105 /* Size of the whole DCD block. */
106 uint32_t size;
107
108 /* Pointer to previous DCD command block. */
109 uint32_t *prev_dcd_head;
110 };
111
112 /*
113 * IMAGE
114 * |-SECTION
115 * | |-CMD
116 * | |-CMD
117 * | `-CMD
118 * |-SECTION
119 * | |-CMD
120 * : :
121 */
122 struct sb_cmd_list {
123 char *cmd;
124 size_t len;
125 unsigned int lineno;
126 };
127
128 struct sb_cmd_ctx {
129 uint32_t size;
130
131 struct sb_cmd_ctx *cmd;
132
133 uint8_t *data;
134 uint32_t length;
135
136 struct sb_command payload;
137 struct sb_command c_payload;
138 };
139
140 struct sb_section_ctx {
141 uint32_t size;
142
143 /* Section flags */
144 unsigned int boot:1;
145
146 struct sb_section_ctx *sect;
147
148 struct sb_cmd_ctx *cmd_head;
149 struct sb_cmd_ctx *cmd_tail;
150
151 struct sb_sections_header payload;
152 };
153
154 struct sb_image_ctx {
155 unsigned int in_section:1;
156 unsigned int in_dcd:1;
157 /* Image configuration */
158 unsigned int display_progress:1;
159 unsigned int silent_dump:1;
160 char *input_filename;
161 char *output_filename;
162 char *cfg_filename;
163 uint8_t image_key[16];
164
165 /* Number of section in the image */
166 unsigned int sect_count;
167 /* Bootable section */
168 unsigned int sect_boot;
169 unsigned int sect_boot_found:1;
170
171 struct sb_section_ctx *sect_head;
172 struct sb_section_ctx *sect_tail;
173
174 struct sb_dcd_ctx *dcd_head;
175 struct sb_dcd_ctx *dcd_tail;
176
177 EVP_CIPHER_CTX *cipher_ctx;
178 EVP_MD_CTX *md_ctx;
179 uint8_t digest[32];
180 struct sb_key_dictionary_key sb_dict_key;
181
182 struct sb_boot_image_header payload;
183 };
184
185 /*
186 * Instruction semantics:
187 * NOOP
188 * TAG [LAST]
189 * LOAD address file
190 * LOAD IVT address IVT_entry_point
191 * FILL address pattern length
192 * JUMP [HAB] address [r0_arg]
193 * CALL [HAB] address [r0_arg]
194 * MODE mode
195 * For i.MX23, mode = USB/I2C/SPI1_FLASH/SPI2_FLASH/NAND_BCH
196 * JTAG/SPI3_EEPROM/SD_SSP0/SD_SSP1
197 * For i.MX28, mode = USB/I2C/SPI2_FLASH/SPI3_FLASH/NAND_BCH
198 * JTAG/SPI2_EEPROM/SD_SSP0/SD_SSP1
199 */
200
201 /*
202 * AES libcrypto
203 */
sb_aes_init(struct sb_image_ctx * ictx,uint8_t * iv,int enc)204 static int sb_aes_init(struct sb_image_ctx *ictx, uint8_t *iv, int enc)
205 {
206 EVP_CIPHER_CTX *ctx;
207 int ret;
208
209 /* If there is no init vector, init vector is all zeroes. */
210 if (!iv)
211 iv = ictx->image_key;
212
213 ctx = EVP_CIPHER_CTX_new();
214 ret = EVP_CipherInit(ctx, EVP_aes_128_cbc(), ictx->image_key, iv, enc);
215 if (ret == 1) {
216 EVP_CIPHER_CTX_set_padding(ctx, 0);
217 ictx->cipher_ctx = ctx;
218 }
219 return ret;
220 }
221
sb_aes_crypt(struct sb_image_ctx * ictx,uint8_t * in_data,uint8_t * out_data,int in_len)222 static int sb_aes_crypt(struct sb_image_ctx *ictx, uint8_t *in_data,
223 uint8_t *out_data, int in_len)
224 {
225 EVP_CIPHER_CTX *ctx = ictx->cipher_ctx;
226 int ret, outlen;
227 uint8_t *outbuf;
228
229 outbuf = malloc(in_len);
230 if (!outbuf)
231 return -ENOMEM;
232 memset(outbuf, 0, sizeof(in_len));
233
234 ret = EVP_CipherUpdate(ctx, outbuf, &outlen, in_data, in_len);
235 if (!ret) {
236 ret = -EINVAL;
237 goto err;
238 }
239
240 if (out_data)
241 memcpy(out_data, outbuf, outlen);
242
243 err:
244 free(outbuf);
245 return ret;
246 }
247
sb_aes_deinit(EVP_CIPHER_CTX * ctx)248 static int sb_aes_deinit(EVP_CIPHER_CTX *ctx)
249 {
250 return EVP_CIPHER_CTX_reset(ctx);
251 }
252
sb_aes_reinit(struct sb_image_ctx * ictx,int enc)253 static int sb_aes_reinit(struct sb_image_ctx *ictx, int enc)
254 {
255 int ret;
256 EVP_CIPHER_CTX *ctx = ictx->cipher_ctx;
257 struct sb_boot_image_header *sb_header = &ictx->payload;
258 uint8_t *iv = sb_header->iv;
259
260 ret = sb_aes_deinit(ctx);
261 if (!ret)
262 return ret;
263 return sb_aes_init(ictx, iv, enc);
264 }
265
266 /*
267 * Debug
268 */
soprintf(struct sb_image_ctx * ictx,const char * fmt,...)269 static void soprintf(struct sb_image_ctx *ictx, const char *fmt, ...)
270 {
271 va_list ap;
272
273 if (ictx->silent_dump)
274 return;
275
276 va_start(ap, fmt);
277 vfprintf(stdout, fmt, ap);
278 va_end(ap);
279 }
280
281 /*
282 * Code
283 */
sb_get_timestamp(void)284 static time_t sb_get_timestamp(void)
285 {
286 struct tm time_2000 = {
287 .tm_yday = 1, /* Jan. 1st */
288 .tm_year = 100, /* 2000 */
289 };
290 time_t seconds_to_2000 = mktime(&time_2000);
291 time_t seconds_to_now = time(NULL);
292
293 return seconds_to_now - seconds_to_2000;
294 }
295
sb_get_time(time_t time,struct tm * tm)296 static int sb_get_time(time_t time, struct tm *tm)
297 {
298 struct tm time_2000 = {
299 .tm_yday = 1, /* Jan. 1st */
300 .tm_year = 0, /* 1900 */
301 };
302 const time_t seconds_to_2000 = mktime(&time_2000);
303 const time_t seconds_to_now = seconds_to_2000 + time;
304 struct tm *ret;
305 ret = gmtime_r(&seconds_to_now, tm);
306 return ret ? 0 : -EINVAL;
307 }
308
sb_encrypt_sb_header(struct sb_image_ctx * ictx)309 static void sb_encrypt_sb_header(struct sb_image_ctx *ictx)
310 {
311 EVP_MD_CTX *md_ctx = ictx->md_ctx;
312 struct sb_boot_image_header *sb_header = &ictx->payload;
313 uint8_t *sb_header_ptr = (uint8_t *)sb_header;
314
315 /* Encrypt the header, compute the digest. */
316 sb_aes_crypt(ictx, sb_header_ptr, NULL, sizeof(*sb_header));
317 EVP_DigestUpdate(md_ctx, sb_header_ptr, sizeof(*sb_header));
318 }
319
sb_encrypt_sb_sections_header(struct sb_image_ctx * ictx)320 static void sb_encrypt_sb_sections_header(struct sb_image_ctx *ictx)
321 {
322 EVP_MD_CTX *md_ctx = ictx->md_ctx;
323 struct sb_section_ctx *sctx = ictx->sect_head;
324 struct sb_sections_header *shdr;
325 uint8_t *sb_sections_header_ptr;
326 const int size = sizeof(*shdr);
327
328 while (sctx) {
329 shdr = &sctx->payload;
330 sb_sections_header_ptr = (uint8_t *)shdr;
331
332 sb_aes_crypt(ictx, sb_sections_header_ptr,
333 ictx->sb_dict_key.cbc_mac, size);
334 EVP_DigestUpdate(md_ctx, sb_sections_header_ptr, size);
335
336 sctx = sctx->sect;
337 };
338 }
339
sb_encrypt_key_dictionary_key(struct sb_image_ctx * ictx)340 static void sb_encrypt_key_dictionary_key(struct sb_image_ctx *ictx)
341 {
342 EVP_MD_CTX *md_ctx = ictx->md_ctx;
343
344 sb_aes_crypt(ictx, ictx->image_key, ictx->sb_dict_key.key,
345 sizeof(ictx->sb_dict_key.key));
346 EVP_DigestUpdate(md_ctx, &ictx->sb_dict_key, sizeof(ictx->sb_dict_key));
347 }
348
sb_decrypt_key_dictionary_key(struct sb_image_ctx * ictx)349 static void sb_decrypt_key_dictionary_key(struct sb_image_ctx *ictx)
350 {
351 EVP_MD_CTX *md_ctx = ictx->md_ctx;
352
353 EVP_DigestUpdate(md_ctx, &ictx->sb_dict_key, sizeof(ictx->sb_dict_key));
354 sb_aes_crypt(ictx, ictx->sb_dict_key.key, ictx->image_key,
355 sizeof(ictx->sb_dict_key.key));
356 }
357
sb_encrypt_tag(struct sb_image_ctx * ictx,struct sb_cmd_ctx * cctx)358 static void sb_encrypt_tag(struct sb_image_ctx *ictx,
359 struct sb_cmd_ctx *cctx)
360 {
361 EVP_MD_CTX *md_ctx = ictx->md_ctx;
362 struct sb_command *cmd = &cctx->payload;
363
364 sb_aes_crypt(ictx, (uint8_t *)cmd,
365 (uint8_t *)&cctx->c_payload, sizeof(*cmd));
366 EVP_DigestUpdate(md_ctx, &cctx->c_payload, sizeof(*cmd));
367 }
368
sb_encrypt_image(struct sb_image_ctx * ictx)369 static int sb_encrypt_image(struct sb_image_ctx *ictx)
370 {
371 /* Start image-wide crypto. */
372 ictx->md_ctx = EVP_MD_CTX_new();
373 EVP_DigestInit(ictx->md_ctx, EVP_sha1());
374
375 /*
376 * SB image header.
377 */
378 sb_aes_init(ictx, NULL, 1);
379 sb_encrypt_sb_header(ictx);
380
381 /*
382 * SB sections header.
383 */
384 sb_encrypt_sb_sections_header(ictx);
385
386 /*
387 * Key dictionary.
388 */
389 sb_aes_reinit(ictx, 1);
390 sb_encrypt_key_dictionary_key(ictx);
391
392 /*
393 * Section tags.
394 */
395 struct sb_cmd_ctx *cctx;
396 struct sb_command *ccmd;
397 struct sb_section_ctx *sctx = ictx->sect_head;
398
399 while (sctx) {
400 cctx = sctx->cmd_head;
401
402 sb_aes_reinit(ictx, 1);
403
404 while (cctx) {
405 ccmd = &cctx->payload;
406
407 sb_encrypt_tag(ictx, cctx);
408
409 if (ccmd->header.tag == ROM_TAG_CMD) {
410 sb_aes_reinit(ictx, 1);
411 } else if (ccmd->header.tag == ROM_LOAD_CMD) {
412 sb_aes_crypt(ictx, cctx->data, cctx->data,
413 cctx->length);
414 EVP_DigestUpdate(ictx->md_ctx, cctx->data,
415 cctx->length);
416 }
417
418 cctx = cctx->cmd;
419 }
420
421 sctx = sctx->sect;
422 };
423
424 /*
425 * Dump the SHA1 of the whole image.
426 */
427 sb_aes_reinit(ictx, 1);
428
429 EVP_DigestFinal(ictx->md_ctx, ictx->digest, NULL);
430 EVP_MD_CTX_free(ictx->md_ctx);
431 sb_aes_crypt(ictx, ictx->digest, ictx->digest, sizeof(ictx->digest));
432
433 /* Stop the encryption session. */
434 sb_aes_deinit(ictx->cipher_ctx);
435
436 return 0;
437 }
438
sb_load_file(struct sb_cmd_ctx * cctx,char * filename)439 static int sb_load_file(struct sb_cmd_ctx *cctx, char *filename)
440 {
441 long real_size, roundup_size;
442 uint8_t *data;
443 long ret;
444 unsigned long size;
445 FILE *fp;
446
447 if (!filename) {
448 fprintf(stderr, "ERR: Missing filename!\n");
449 return -EINVAL;
450 }
451
452 fp = fopen(filename, "r");
453 if (!fp)
454 goto err_open;
455
456 ret = fseek(fp, 0, SEEK_END);
457 if (ret < 0)
458 goto err_file;
459
460 real_size = ftell(fp);
461 if (real_size < 0)
462 goto err_file;
463
464 ret = fseek(fp, 0, SEEK_SET);
465 if (ret < 0)
466 goto err_file;
467
468 roundup_size = roundup(real_size, SB_BLOCK_SIZE);
469 data = calloc(1, roundup_size);
470 if (!data)
471 goto err_file;
472
473 size = fread(data, 1, real_size, fp);
474 if (size != (unsigned long)real_size)
475 goto err_alloc;
476
477 cctx->data = data;
478 cctx->length = roundup_size;
479
480 fclose(fp);
481 return 0;
482
483 err_alloc:
484 free(data);
485 err_file:
486 fclose(fp);
487 err_open:
488 fprintf(stderr, "ERR: Failed to load file \"%s\"\n", filename);
489 return -EINVAL;
490 }
491
sb_command_checksum(struct sb_command * inst)492 static uint8_t sb_command_checksum(struct sb_command *inst)
493 {
494 uint8_t *inst_ptr = (uint8_t *)inst;
495 uint8_t csum = 0;
496 unsigned int i;
497
498 for (i = 0; i < sizeof(struct sb_command); i++)
499 csum += inst_ptr[i];
500
501 return csum;
502 }
503
sb_token_to_long(char * tok,uint32_t * rid)504 static int sb_token_to_long(char *tok, uint32_t *rid)
505 {
506 char *endptr;
507 unsigned long id;
508
509 if (tok[0] != '0' || tok[1] != 'x') {
510 fprintf(stderr, "ERR: Invalid hexadecimal number!\n");
511 return -EINVAL;
512 }
513
514 tok += 2;
515
516 errno = 0;
517 id = strtoul(tok, &endptr, 16);
518 if ((errno == ERANGE && id == ULONG_MAX) || (errno != 0 && id == 0)) {
519 fprintf(stderr, "ERR: Value can't be decoded!\n");
520 return -EINVAL;
521 }
522
523 /* Check for 32-bit overflow. */
524 if (id > 0xffffffff) {
525 fprintf(stderr, "ERR: Value too big!\n");
526 return -EINVAL;
527 }
528
529 if (endptr == tok) {
530 fprintf(stderr, "ERR: Deformed value!\n");
531 return -EINVAL;
532 }
533
534 *rid = (uint32_t)id;
535 return 0;
536 }
537
sb_grow_dcd(struct sb_dcd_ctx * dctx,unsigned int inc_size)538 static int sb_grow_dcd(struct sb_dcd_ctx *dctx, unsigned int inc_size)
539 {
540 uint32_t *tmp;
541
542 if (!inc_size)
543 return 0;
544
545 dctx->size += inc_size;
546 tmp = realloc(dctx->payload, dctx->size);
547 if (!tmp)
548 return -ENOMEM;
549
550 dctx->payload = tmp;
551
552 /* Assemble and update the HAB DCD header. */
553 dctx->payload[0] = htonl((SB_HAB_DCD_TAG << 24) |
554 (dctx->size << 8) |
555 SB_HAB_VERSION);
556
557 return 0;
558 }
559
sb_build_dcd(struct sb_image_ctx * ictx,struct sb_cmd_list * cmd)560 static int sb_build_dcd(struct sb_image_ctx *ictx, struct sb_cmd_list *cmd)
561 {
562 struct sb_dcd_ctx *dctx;
563
564 char *tok;
565 uint32_t id;
566 int ret;
567
568 dctx = calloc(1, sizeof(*dctx));
569 if (!dctx)
570 return -ENOMEM;
571
572 ret = sb_grow_dcd(dctx, 4);
573 if (ret)
574 goto err_dcd;
575
576 /* Read DCD block number. */
577 tok = strtok(cmd->cmd, " ");
578 if (!tok) {
579 fprintf(stderr, "#%i ERR: DCD block without number!\n",
580 cmd->lineno);
581 ret = -EINVAL;
582 goto err_dcd;
583 }
584
585 /* Parse the DCD block number. */
586 ret = sb_token_to_long(tok, &id);
587 if (ret) {
588 fprintf(stderr, "#%i ERR: Malformed DCD block number!\n",
589 cmd->lineno);
590 goto err_dcd;
591 }
592
593 dctx->id = id;
594
595 /*
596 * The DCD block is now constructed. Append it to the list.
597 * WARNING: The DCD size is still not computed and will be
598 * updated while parsing it's commands.
599 */
600 if (!ictx->dcd_head) {
601 ictx->dcd_head = dctx;
602 ictx->dcd_tail = dctx;
603 } else {
604 ictx->dcd_tail->dcd = dctx;
605 ictx->dcd_tail = dctx;
606 }
607
608 return 0;
609
610 err_dcd:
611 free(dctx->payload);
612 free(dctx);
613 return ret;
614 }
615
sb_build_dcd_block(struct sb_image_ctx * ictx,struct sb_cmd_list * cmd,uint32_t type)616 static int sb_build_dcd_block(struct sb_image_ctx *ictx,
617 struct sb_cmd_list *cmd,
618 uint32_t type)
619 {
620 char *tok;
621 uint32_t address, value, length;
622 int ret;
623
624 struct sb_dcd_ctx *dctx = ictx->dcd_tail;
625 uint32_t *dcd;
626
627 if (dctx->prev_dcd_head && (type != SB_DCD_NOOP) &&
628 ((dctx->prev_dcd_head[0] & 0xff0000ff) == type)) {
629 /* Same instruction as before, just append it. */
630 ret = sb_grow_dcd(dctx, 8);
631 if (ret)
632 return ret;
633 } else if (type == SB_DCD_NOOP) {
634 ret = sb_grow_dcd(dctx, 4);
635 if (ret)
636 return ret;
637
638 /* Update DCD command block pointer. */
639 dctx->prev_dcd_head = dctx->payload +
640 dctx->size / sizeof(*dctx->payload) - 1;
641
642 /* NOOP has only 4 bytes and no payload. */
643 goto noop;
644 } else {
645 /*
646 * Either a different instruction block started now
647 * or this is the first instruction block.
648 */
649 ret = sb_grow_dcd(dctx, 12);
650 if (ret)
651 return ret;
652
653 /* Update DCD command block pointer. */
654 dctx->prev_dcd_head = dctx->payload +
655 dctx->size / sizeof(*dctx->payload) - 3;
656 }
657
658 dcd = dctx->payload + dctx->size / sizeof(*dctx->payload) - 2;
659
660 /*
661 * Prepare the command.
662 */
663 tok = strtok(cmd->cmd, " ");
664 if (!tok) {
665 fprintf(stderr, "#%i ERR: Missing DCD address!\n",
666 cmd->lineno);
667 ret = -EINVAL;
668 goto err;
669 }
670
671 /* Read DCD destination address. */
672 ret = sb_token_to_long(tok, &address);
673 if (ret) {
674 fprintf(stderr, "#%i ERR: Incorrect DCD address!\n",
675 cmd->lineno);
676 goto err;
677 }
678
679 tok = strtok(NULL, " ");
680 if (!tok) {
681 fprintf(stderr, "#%i ERR: Missing DCD value!\n",
682 cmd->lineno);
683 ret = -EINVAL;
684 goto err;
685 }
686
687 /* Read DCD operation value. */
688 ret = sb_token_to_long(tok, &value);
689 if (ret) {
690 fprintf(stderr, "#%i ERR: Incorrect DCD value!\n",
691 cmd->lineno);
692 goto err;
693 }
694
695 /* Fill in the new DCD entry. */
696 dcd[0] = htonl(address);
697 dcd[1] = htonl(value);
698
699 noop:
700 /* Update the DCD command block. */
701 length = dctx->size -
702 ((dctx->prev_dcd_head - dctx->payload) *
703 sizeof(*dctx->payload));
704 dctx->prev_dcd_head[0] = htonl(type | (length << 8));
705
706 err:
707 return ret;
708 }
709
sb_build_section(struct sb_image_ctx * ictx,struct sb_cmd_list * cmd)710 static int sb_build_section(struct sb_image_ctx *ictx, struct sb_cmd_list *cmd)
711 {
712 struct sb_section_ctx *sctx;
713 struct sb_sections_header *shdr;
714 char *tok;
715 uint32_t bootable = 0;
716 uint32_t id;
717 int ret;
718
719 sctx = calloc(1, sizeof(*sctx));
720 if (!sctx)
721 return -ENOMEM;
722
723 /* Read section number. */
724 tok = strtok(cmd->cmd, " ");
725 if (!tok) {
726 fprintf(stderr, "#%i ERR: Section without number!\n",
727 cmd->lineno);
728 ret = -EINVAL;
729 goto err_sect;
730 }
731
732 /* Parse the section number. */
733 ret = sb_token_to_long(tok, &id);
734 if (ret) {
735 fprintf(stderr, "#%i ERR: Malformed section number!\n",
736 cmd->lineno);
737 goto err_sect;
738 }
739
740 /* Read section's BOOTABLE flag. */
741 tok = strtok(NULL, " ");
742 if (tok && (strlen(tok) == 8) && !strncmp(tok, "BOOTABLE", 8))
743 bootable = SB_SECTION_FLAG_BOOTABLE;
744
745 sctx->boot = bootable;
746
747 shdr = &sctx->payload;
748 shdr->section_number = id;
749 shdr->section_flags = bootable;
750
751 /*
752 * The section is now constructed. Append it to the list.
753 * WARNING: The section size is still not computed and will
754 * be updated while parsing it's commands.
755 */
756 ictx->sect_count++;
757
758 /* Mark that this section is bootable one. */
759 if (bootable) {
760 if (ictx->sect_boot_found) {
761 fprintf(stderr,
762 "#%i WARN: Multiple bootable section!\n",
763 cmd->lineno);
764 } else {
765 ictx->sect_boot = id;
766 ictx->sect_boot_found = 1;
767 }
768 }
769
770 if (!ictx->sect_head) {
771 ictx->sect_head = sctx;
772 ictx->sect_tail = sctx;
773 } else {
774 ictx->sect_tail->sect = sctx;
775 ictx->sect_tail = sctx;
776 }
777
778 return 0;
779
780 err_sect:
781 free(sctx);
782 return ret;
783 }
784
sb_build_command_nop(struct sb_image_ctx * ictx)785 static int sb_build_command_nop(struct sb_image_ctx *ictx)
786 {
787 struct sb_section_ctx *sctx = ictx->sect_tail;
788 struct sb_cmd_ctx *cctx;
789 struct sb_command *ccmd;
790
791 cctx = calloc(1, sizeof(*cctx));
792 if (!cctx)
793 return -ENOMEM;
794
795 ccmd = &cctx->payload;
796
797 /*
798 * Construct the command.
799 */
800 ccmd->header.checksum = 0x5a;
801 ccmd->header.tag = ROM_NOP_CMD;
802
803 cctx->size = sizeof(*ccmd);
804
805 /*
806 * Append the command to the last section.
807 */
808 if (!sctx->cmd_head) {
809 sctx->cmd_head = cctx;
810 sctx->cmd_tail = cctx;
811 } else {
812 sctx->cmd_tail->cmd = cctx;
813 sctx->cmd_tail = cctx;
814 }
815
816 return 0;
817 }
818
sb_build_command_tag(struct sb_image_ctx * ictx,struct sb_cmd_list * cmd)819 static int sb_build_command_tag(struct sb_image_ctx *ictx,
820 struct sb_cmd_list *cmd)
821 {
822 struct sb_section_ctx *sctx = ictx->sect_tail;
823 struct sb_cmd_ctx *cctx;
824 struct sb_command *ccmd;
825 char *tok;
826
827 cctx = calloc(1, sizeof(*cctx));
828 if (!cctx)
829 return -ENOMEM;
830
831 ccmd = &cctx->payload;
832
833 /*
834 * Prepare the command.
835 */
836 /* Check for the LAST keyword. */
837 tok = strtok(cmd->cmd, " ");
838 if (tok && !strcmp(tok, "LAST"))
839 ccmd->header.flags = ROM_TAG_CMD_FLAG_ROM_LAST_TAG;
840
841 /*
842 * Construct the command.
843 */
844 ccmd->header.checksum = 0x5a;
845 ccmd->header.tag = ROM_TAG_CMD;
846
847 cctx->size = sizeof(*ccmd);
848
849 /*
850 * Append the command to the last section.
851 */
852 if (!sctx->cmd_head) {
853 sctx->cmd_head = cctx;
854 sctx->cmd_tail = cctx;
855 } else {
856 sctx->cmd_tail->cmd = cctx;
857 sctx->cmd_tail = cctx;
858 }
859
860 return 0;
861 }
862
sb_build_command_load(struct sb_image_ctx * ictx,struct sb_cmd_list * cmd)863 static int sb_build_command_load(struct sb_image_ctx *ictx,
864 struct sb_cmd_list *cmd)
865 {
866 struct sb_section_ctx *sctx = ictx->sect_tail;
867 struct sb_cmd_ctx *cctx;
868 struct sb_command *ccmd;
869 char *tok;
870 int ret, is_ivt = 0, is_dcd = 0;
871 uint32_t dest, dcd = 0;
872
873 cctx = calloc(1, sizeof(*cctx));
874 if (!cctx)
875 return -ENOMEM;
876
877 ccmd = &cctx->payload;
878
879 /*
880 * Prepare the command.
881 */
882 tok = strtok(cmd->cmd, " ");
883 if (!tok) {
884 fprintf(stderr, "#%i ERR: Missing LOAD address or 'IVT'!\n",
885 cmd->lineno);
886 ret = -EINVAL;
887 goto err;
888 }
889
890 /* Check for "IVT" flag. */
891 if (!strcmp(tok, "IVT"))
892 is_ivt = 1;
893 if (!strcmp(tok, "DCD"))
894 is_dcd = 1;
895 if (is_ivt || is_dcd) {
896 tok = strtok(NULL, " ");
897 if (!tok) {
898 fprintf(stderr, "#%i ERR: Missing LOAD address!\n",
899 cmd->lineno);
900 ret = -EINVAL;
901 goto err;
902 }
903 }
904
905 /* Read load destination address. */
906 ret = sb_token_to_long(tok, &dest);
907 if (ret) {
908 fprintf(stderr, "#%i ERR: Incorrect LOAD address!\n",
909 cmd->lineno);
910 goto err;
911 }
912
913 /* Read filename or IVT entrypoint or DCD block ID. */
914 tok = strtok(NULL, " ");
915 if (!tok) {
916 fprintf(stderr,
917 "#%i ERR: Missing LOAD filename or IVT ep or DCD block ID!\n",
918 cmd->lineno);
919 ret = -EINVAL;
920 goto err;
921 }
922
923 if (is_ivt) {
924 /* Handle IVT. */
925 struct sb_ivt_header *ivt;
926 uint32_t ivtep;
927 ret = sb_token_to_long(tok, &ivtep);
928
929 if (ret) {
930 fprintf(stderr,
931 "#%i ERR: Incorrect IVT entry point!\n",
932 cmd->lineno);
933 goto err;
934 }
935
936 ivt = calloc(1, sizeof(*ivt));
937 if (!ivt) {
938 ret = -ENOMEM;
939 goto err;
940 }
941
942 ivt->header = sb_hab_ivt_header();
943 ivt->entry = ivtep;
944 ivt->self = dest;
945
946 cctx->data = (uint8_t *)ivt;
947 cctx->length = sizeof(*ivt);
948 } else if (is_dcd) {
949 struct sb_dcd_ctx *dctx = ictx->dcd_head;
950 uint32_t dcdid;
951 uint8_t *payload;
952 uint32_t asize;
953 ret = sb_token_to_long(tok, &dcdid);
954
955 if (ret) {
956 fprintf(stderr,
957 "#%i ERR: Incorrect DCD block ID!\n",
958 cmd->lineno);
959 goto err;
960 }
961
962 while (dctx) {
963 if (dctx->id == dcdid)
964 break;
965 dctx = dctx->dcd;
966 }
967
968 if (!dctx) {
969 fprintf(stderr, "#%i ERR: DCD block %08x not found!\n",
970 cmd->lineno, dcdid);
971 goto err;
972 }
973
974 asize = roundup(dctx->size, SB_BLOCK_SIZE);
975 payload = calloc(1, asize);
976 if (!payload) {
977 ret = -ENOMEM;
978 goto err;
979 }
980
981 memcpy(payload, dctx->payload, dctx->size);
982
983 cctx->data = payload;
984 cctx->length = asize;
985
986 /* Set the Load DCD flag. */
987 dcd = ROM_LOAD_CMD_FLAG_DCD_LOAD;
988 } else {
989 /* Regular LOAD of a file. */
990 ret = sb_load_file(cctx, tok);
991 if (ret) {
992 fprintf(stderr, "#%i ERR: Cannot load '%s'!\n",
993 cmd->lineno, tok);
994 goto err;
995 }
996 }
997
998 if (cctx->length & (SB_BLOCK_SIZE - 1)) {
999 fprintf(stderr, "#%i ERR: Unaligned payload!\n",
1000 cmd->lineno);
1001 }
1002
1003 /*
1004 * Construct the command.
1005 */
1006 ccmd->header.checksum = 0x5a;
1007 ccmd->header.tag = ROM_LOAD_CMD;
1008 ccmd->header.flags = dcd;
1009
1010 ccmd->load.address = dest;
1011 ccmd->load.count = cctx->length;
1012 ccmd->load.crc32 = pbl_crc32(0,
1013 (const char *)cctx->data,
1014 cctx->length);
1015
1016 cctx->size = sizeof(*ccmd) + cctx->length;
1017
1018 /*
1019 * Append the command to the last section.
1020 */
1021 if (!sctx->cmd_head) {
1022 sctx->cmd_head = cctx;
1023 sctx->cmd_tail = cctx;
1024 } else {
1025 sctx->cmd_tail->cmd = cctx;
1026 sctx->cmd_tail = cctx;
1027 }
1028
1029 return 0;
1030
1031 err:
1032 free(cctx);
1033 return ret;
1034 }
1035
sb_build_command_fill(struct sb_image_ctx * ictx,struct sb_cmd_list * cmd)1036 static int sb_build_command_fill(struct sb_image_ctx *ictx,
1037 struct sb_cmd_list *cmd)
1038 {
1039 struct sb_section_ctx *sctx = ictx->sect_tail;
1040 struct sb_cmd_ctx *cctx;
1041 struct sb_command *ccmd;
1042 char *tok;
1043 uint32_t address, pattern, length;
1044 int ret;
1045
1046 cctx = calloc(1, sizeof(*cctx));
1047 if (!cctx)
1048 return -ENOMEM;
1049
1050 ccmd = &cctx->payload;
1051
1052 /*
1053 * Prepare the command.
1054 */
1055 tok = strtok(cmd->cmd, " ");
1056 if (!tok) {
1057 fprintf(stderr, "#%i ERR: Missing FILL address!\n",
1058 cmd->lineno);
1059 ret = -EINVAL;
1060 goto err;
1061 }
1062
1063 /* Read fill destination address. */
1064 ret = sb_token_to_long(tok, &address);
1065 if (ret) {
1066 fprintf(stderr, "#%i ERR: Incorrect FILL address!\n",
1067 cmd->lineno);
1068 goto err;
1069 }
1070
1071 tok = strtok(NULL, " ");
1072 if (!tok) {
1073 fprintf(stderr, "#%i ERR: Missing FILL pattern!\n",
1074 cmd->lineno);
1075 ret = -EINVAL;
1076 goto err;
1077 }
1078
1079 /* Read fill pattern address. */
1080 ret = sb_token_to_long(tok, &pattern);
1081 if (ret) {
1082 fprintf(stderr, "#%i ERR: Incorrect FILL pattern!\n",
1083 cmd->lineno);
1084 goto err;
1085 }
1086
1087 tok = strtok(NULL, " ");
1088 if (!tok) {
1089 fprintf(stderr, "#%i ERR: Missing FILL length!\n",
1090 cmd->lineno);
1091 ret = -EINVAL;
1092 goto err;
1093 }
1094
1095 /* Read fill pattern address. */
1096 ret = sb_token_to_long(tok, &length);
1097 if (ret) {
1098 fprintf(stderr, "#%i ERR: Incorrect FILL length!\n",
1099 cmd->lineno);
1100 goto err;
1101 }
1102
1103 /*
1104 * Construct the command.
1105 */
1106 ccmd->header.checksum = 0x5a;
1107 ccmd->header.tag = ROM_FILL_CMD;
1108
1109 ccmd->fill.address = address;
1110 ccmd->fill.count = length;
1111 ccmd->fill.pattern = pattern;
1112
1113 cctx->size = sizeof(*ccmd);
1114
1115 /*
1116 * Append the command to the last section.
1117 */
1118 if (!sctx->cmd_head) {
1119 sctx->cmd_head = cctx;
1120 sctx->cmd_tail = cctx;
1121 } else {
1122 sctx->cmd_tail->cmd = cctx;
1123 sctx->cmd_tail = cctx;
1124 }
1125
1126 return 0;
1127
1128 err:
1129 free(cctx);
1130 return ret;
1131 }
1132
sb_build_command_jump_call(struct sb_image_ctx * ictx,struct sb_cmd_list * cmd,unsigned int is_call)1133 static int sb_build_command_jump_call(struct sb_image_ctx *ictx,
1134 struct sb_cmd_list *cmd,
1135 unsigned int is_call)
1136 {
1137 struct sb_section_ctx *sctx = ictx->sect_tail;
1138 struct sb_cmd_ctx *cctx;
1139 struct sb_command *ccmd;
1140 char *tok;
1141 uint32_t dest, arg = 0x0;
1142 uint32_t hab = 0;
1143 int ret;
1144 const char *cmdname = is_call ? "CALL" : "JUMP";
1145
1146 cctx = calloc(1, sizeof(*cctx));
1147 if (!cctx)
1148 return -ENOMEM;
1149
1150 ccmd = &cctx->payload;
1151
1152 /*
1153 * Prepare the command.
1154 */
1155 tok = strtok(cmd->cmd, " ");
1156 if (!tok) {
1157 fprintf(stderr,
1158 "#%i ERR: Missing %s address or 'HAB'!\n",
1159 cmd->lineno, cmdname);
1160 ret = -EINVAL;
1161 goto err;
1162 }
1163
1164 /* Check for "HAB" flag. */
1165 if (!strcmp(tok, "HAB")) {
1166 hab = is_call ? ROM_CALL_CMD_FLAG_HAB : ROM_JUMP_CMD_FLAG_HAB;
1167 tok = strtok(NULL, " ");
1168 if (!tok) {
1169 fprintf(stderr, "#%i ERR: Missing %s address!\n",
1170 cmd->lineno, cmdname);
1171 ret = -EINVAL;
1172 goto err;
1173 }
1174 }
1175 /* Read load destination address. */
1176 ret = sb_token_to_long(tok, &dest);
1177 if (ret) {
1178 fprintf(stderr, "#%i ERR: Incorrect %s address!\n",
1179 cmd->lineno, cmdname);
1180 goto err;
1181 }
1182
1183 tok = strtok(NULL, " ");
1184 if (tok) {
1185 ret = sb_token_to_long(tok, &arg);
1186 if (ret) {
1187 fprintf(stderr,
1188 "#%i ERR: Incorrect %s argument!\n",
1189 cmd->lineno, cmdname);
1190 goto err;
1191 }
1192 }
1193
1194 /*
1195 * Construct the command.
1196 */
1197 ccmd->header.checksum = 0x5a;
1198 ccmd->header.tag = is_call ? ROM_CALL_CMD : ROM_JUMP_CMD;
1199 ccmd->header.flags = hab;
1200
1201 ccmd->call.address = dest;
1202 ccmd->call.argument = arg;
1203
1204 cctx->size = sizeof(*ccmd);
1205
1206 /*
1207 * Append the command to the last section.
1208 */
1209 if (!sctx->cmd_head) {
1210 sctx->cmd_head = cctx;
1211 sctx->cmd_tail = cctx;
1212 } else {
1213 sctx->cmd_tail->cmd = cctx;
1214 sctx->cmd_tail = cctx;
1215 }
1216
1217 return 0;
1218
1219 err:
1220 free(cctx);
1221 return ret;
1222 }
1223
sb_build_command_jump(struct sb_image_ctx * ictx,struct sb_cmd_list * cmd)1224 static int sb_build_command_jump(struct sb_image_ctx *ictx,
1225 struct sb_cmd_list *cmd)
1226 {
1227 return sb_build_command_jump_call(ictx, cmd, 0);
1228 }
1229
sb_build_command_call(struct sb_image_ctx * ictx,struct sb_cmd_list * cmd)1230 static int sb_build_command_call(struct sb_image_ctx *ictx,
1231 struct sb_cmd_list *cmd)
1232 {
1233 return sb_build_command_jump_call(ictx, cmd, 1);
1234 }
1235
sb_build_command_mode(struct sb_image_ctx * ictx,struct sb_cmd_list * cmd)1236 static int sb_build_command_mode(struct sb_image_ctx *ictx,
1237 struct sb_cmd_list *cmd)
1238 {
1239 struct sb_section_ctx *sctx = ictx->sect_tail;
1240 struct sb_cmd_ctx *cctx;
1241 struct sb_command *ccmd;
1242 char *tok;
1243 int ret;
1244 unsigned int i;
1245 uint32_t mode = 0xffffffff;
1246
1247 cctx = calloc(1, sizeof(*cctx));
1248 if (!cctx)
1249 return -ENOMEM;
1250
1251 ccmd = &cctx->payload;
1252
1253 /*
1254 * Prepare the command.
1255 */
1256 tok = strtok(cmd->cmd, " ");
1257 if (!tok) {
1258 fprintf(stderr, "#%i ERR: Missing MODE boot mode argument!\n",
1259 cmd->lineno);
1260 ret = -EINVAL;
1261 goto err;
1262 }
1263
1264 for (i = 0; i < ARRAY_SIZE(modetable); i++) {
1265 if (!strcmp(tok, modetable[i].name)) {
1266 mode = modetable[i].mode;
1267 break;
1268 }
1269
1270 if (!modetable[i].altname)
1271 continue;
1272
1273 if (!strcmp(tok, modetable[i].altname)) {
1274 mode = modetable[i].mode;
1275 break;
1276 }
1277 }
1278
1279 if (mode == 0xffffffff) {
1280 fprintf(stderr, "#%i ERR: Invalid MODE boot mode argument!\n",
1281 cmd->lineno);
1282 ret = -EINVAL;
1283 goto err;
1284 }
1285
1286 /*
1287 * Construct the command.
1288 */
1289 ccmd->header.checksum = 0x5a;
1290 ccmd->header.tag = ROM_MODE_CMD;
1291
1292 ccmd->mode.mode = mode;
1293
1294 cctx->size = sizeof(*ccmd);
1295
1296 /*
1297 * Append the command to the last section.
1298 */
1299 if (!sctx->cmd_head) {
1300 sctx->cmd_head = cctx;
1301 sctx->cmd_tail = cctx;
1302 } else {
1303 sctx->cmd_tail->cmd = cctx;
1304 sctx->cmd_tail = cctx;
1305 }
1306
1307 return 0;
1308
1309 err:
1310 free(cctx);
1311 return ret;
1312 }
1313
sb_prefill_image_header(struct sb_image_ctx * ictx)1314 static int sb_prefill_image_header(struct sb_image_ctx *ictx)
1315 {
1316 struct sb_boot_image_header *hdr = &ictx->payload;
1317
1318 /* Fill signatures */
1319 memcpy(hdr->signature1, "STMP", 4);
1320 memcpy(hdr->signature2, "sgtl", 4);
1321
1322 /* SB Image version 1.1 */
1323 hdr->major_version = SB_VERSION_MAJOR;
1324 hdr->minor_version = SB_VERSION_MINOR;
1325
1326 /* Boot image major version */
1327 hdr->product_version.major = htons(0x999);
1328 hdr->product_version.minor = htons(0x999);
1329 hdr->product_version.revision = htons(0x999);
1330 /* Boot image major version */
1331 hdr->component_version.major = htons(0x999);
1332 hdr->component_version.minor = htons(0x999);
1333 hdr->component_version.revision = htons(0x999);
1334
1335 /* Drive tag must be 0x0 for i.MX23 */
1336 hdr->drive_tag = 0;
1337
1338 hdr->header_blocks =
1339 sizeof(struct sb_boot_image_header) / SB_BLOCK_SIZE;
1340 hdr->section_header_size =
1341 sizeof(struct sb_sections_header) / SB_BLOCK_SIZE;
1342 hdr->timestamp_us = sb_get_timestamp() * 1000000;
1343
1344 hdr->flags = ictx->display_progress ?
1345 SB_IMAGE_FLAG_DISPLAY_PROGRESS : 0;
1346
1347 /* FIXME -- We support only default key */
1348 hdr->key_count = 1;
1349
1350 return 0;
1351 }
1352
sb_postfill_image_header(struct sb_image_ctx * ictx)1353 static int sb_postfill_image_header(struct sb_image_ctx *ictx)
1354 {
1355 struct sb_boot_image_header *hdr = &ictx->payload;
1356 struct sb_section_ctx *sctx = ictx->sect_head;
1357 uint32_t kd_size, sections_blocks;
1358 EVP_MD_CTX *md_ctx;
1359
1360 /* The main SB header size in blocks. */
1361 hdr->image_blocks = hdr->header_blocks;
1362
1363 /* Size of the key dictionary, which has single zero entry. */
1364 kd_size = hdr->key_count * sizeof(struct sb_key_dictionary_key);
1365 hdr->image_blocks += kd_size / SB_BLOCK_SIZE;
1366
1367 /* Now count the payloads. */
1368 hdr->section_count = ictx->sect_count;
1369 while (sctx) {
1370 hdr->image_blocks += sctx->size / SB_BLOCK_SIZE;
1371 sctx = sctx->sect;
1372 }
1373
1374 if (!ictx->sect_boot_found) {
1375 fprintf(stderr, "ERR: No bootable section selected!\n");
1376 return -EINVAL;
1377 }
1378 hdr->first_boot_section_id = ictx->sect_boot;
1379
1380 /* The n * SB section size in blocks. */
1381 sections_blocks = hdr->section_count * hdr->section_header_size;
1382 hdr->image_blocks += sections_blocks;
1383
1384 /* Key dictionary offset. */
1385 hdr->key_dictionary_block = hdr->header_blocks + sections_blocks;
1386
1387 /* Digest of the whole image. */
1388 hdr->image_blocks += 2;
1389
1390 /* Pointer past the dictionary. */
1391 hdr->first_boot_tag_block =
1392 hdr->key_dictionary_block + kd_size / SB_BLOCK_SIZE;
1393
1394 /* Compute header digest. */
1395 md_ctx = EVP_MD_CTX_new();
1396
1397 EVP_DigestInit(md_ctx, EVP_sha1());
1398 EVP_DigestUpdate(md_ctx, hdr->signature1,
1399 sizeof(struct sb_boot_image_header) -
1400 sizeof(hdr->digest));
1401 EVP_DigestFinal(md_ctx, hdr->digest, NULL);
1402 EVP_MD_CTX_free(md_ctx);
1403
1404 return 0;
1405 }
1406
sb_fixup_sections_and_tags(struct sb_image_ctx * ictx)1407 static int sb_fixup_sections_and_tags(struct sb_image_ctx *ictx)
1408 {
1409 /* Fixup the placement of sections. */
1410 struct sb_boot_image_header *ihdr = &ictx->payload;
1411 struct sb_section_ctx *sctx = ictx->sect_head;
1412 struct sb_sections_header *shdr;
1413 struct sb_cmd_ctx *cctx;
1414 struct sb_command *ccmd;
1415 uint32_t offset = ihdr->first_boot_tag_block;
1416
1417 while (sctx) {
1418 shdr = &sctx->payload;
1419
1420 /* Fill in the section TAG offset. */
1421 shdr->section_offset = offset + 1;
1422 offset += shdr->section_size;
1423
1424 /* Section length is measured from the TAG block. */
1425 shdr->section_size--;
1426
1427 /* Fixup the TAG command. */
1428 cctx = sctx->cmd_head;
1429 while (cctx) {
1430 ccmd = &cctx->payload;
1431 if (ccmd->header.tag == ROM_TAG_CMD) {
1432 ccmd->tag.section_number = shdr->section_number;
1433 ccmd->tag.section_length = shdr->section_size;
1434 ccmd->tag.section_flags = shdr->section_flags;
1435 }
1436
1437 /* Update the command checksum. */
1438 ccmd->header.checksum = sb_command_checksum(ccmd);
1439
1440 cctx = cctx->cmd;
1441 }
1442
1443 sctx = sctx->sect;
1444 }
1445
1446 return 0;
1447 }
1448
sb_parse_line(struct sb_image_ctx * ictx,struct sb_cmd_list * cmd)1449 static int sb_parse_line(struct sb_image_ctx *ictx, struct sb_cmd_list *cmd)
1450 {
1451 char *tok;
1452 char *line = cmd->cmd;
1453 char *rptr = NULL;
1454 int ret;
1455
1456 /* Analyze the identifier on this line first. */
1457 tok = strtok_r(line, " ", &rptr);
1458 if (!tok || (strlen(tok) == 0)) {
1459 fprintf(stderr, "#%i ERR: Invalid line!\n", cmd->lineno);
1460 return -EINVAL;
1461 }
1462
1463 cmd->cmd = rptr;
1464
1465 /* set DISPLAY_PROGRESS flag */
1466 if (!strcmp(tok, "DISPLAYPROGRESS")) {
1467 ictx->display_progress = 1;
1468 return 0;
1469 }
1470
1471 /* DCD */
1472 if (!strcmp(tok, "DCD")) {
1473 ictx->in_section = 0;
1474 ictx->in_dcd = 1;
1475 sb_build_dcd(ictx, cmd);
1476 return 0;
1477 }
1478
1479 /* Section */
1480 if (!strcmp(tok, "SECTION")) {
1481 ictx->in_section = 1;
1482 ictx->in_dcd = 0;
1483 sb_build_section(ictx, cmd);
1484 return 0;
1485 }
1486
1487 if (!ictx->in_section && !ictx->in_dcd) {
1488 fprintf(stderr, "#%i ERR: Data outside of a section!\n",
1489 cmd->lineno);
1490 return -EINVAL;
1491 }
1492
1493 if (ictx->in_section) {
1494 /* Section commands */
1495 if (!strcmp(tok, "NOP")) {
1496 ret = sb_build_command_nop(ictx);
1497 } else if (!strcmp(tok, "TAG")) {
1498 ret = sb_build_command_tag(ictx, cmd);
1499 } else if (!strcmp(tok, "LOAD")) {
1500 ret = sb_build_command_load(ictx, cmd);
1501 } else if (!strcmp(tok, "FILL")) {
1502 ret = sb_build_command_fill(ictx, cmd);
1503 } else if (!strcmp(tok, "JUMP")) {
1504 ret = sb_build_command_jump(ictx, cmd);
1505 } else if (!strcmp(tok, "CALL")) {
1506 ret = sb_build_command_call(ictx, cmd);
1507 } else if (!strcmp(tok, "MODE")) {
1508 ret = sb_build_command_mode(ictx, cmd);
1509 } else {
1510 fprintf(stderr,
1511 "#%i ERR: Unsupported instruction '%s'!\n",
1512 cmd->lineno, tok);
1513 return -ENOTSUP;
1514 }
1515 } else if (ictx->in_dcd) {
1516 char *lptr;
1517 uint32_t ilen = '1';
1518
1519 tok = strtok_r(tok, ".", &lptr);
1520 if (!tok || (strlen(tok) == 0) || (lptr && strlen(lptr) != 1)) {
1521 fprintf(stderr, "#%i ERR: Invalid line!\n",
1522 cmd->lineno);
1523 return -EINVAL;
1524 }
1525
1526 if (lptr &&
1527 (lptr[0] != '1' && lptr[0] != '2' && lptr[0] != '4')) {
1528 fprintf(stderr, "#%i ERR: Invalid instruction width!\n",
1529 cmd->lineno);
1530 return -EINVAL;
1531 }
1532
1533 if (lptr)
1534 ilen = lptr[0] - '1';
1535
1536 /* DCD commands */
1537 if (!strcmp(tok, "WRITE")) {
1538 ret = sb_build_dcd_block(ictx, cmd,
1539 SB_DCD_WRITE | ilen);
1540 } else if (!strcmp(tok, "ANDC")) {
1541 ret = sb_build_dcd_block(ictx, cmd,
1542 SB_DCD_ANDC | ilen);
1543 } else if (!strcmp(tok, "ORR")) {
1544 ret = sb_build_dcd_block(ictx, cmd,
1545 SB_DCD_ORR | ilen);
1546 } else if (!strcmp(tok, "EQZ")) {
1547 ret = sb_build_dcd_block(ictx, cmd,
1548 SB_DCD_CHK_EQZ | ilen);
1549 } else if (!strcmp(tok, "EQ")) {
1550 ret = sb_build_dcd_block(ictx, cmd,
1551 SB_DCD_CHK_EQ | ilen);
1552 } else if (!strcmp(tok, "NEQ")) {
1553 ret = sb_build_dcd_block(ictx, cmd,
1554 SB_DCD_CHK_NEQ | ilen);
1555 } else if (!strcmp(tok, "NEZ")) {
1556 ret = sb_build_dcd_block(ictx, cmd,
1557 SB_DCD_CHK_NEZ | ilen);
1558 } else if (!strcmp(tok, "NOOP")) {
1559 ret = sb_build_dcd_block(ictx, cmd, SB_DCD_NOOP);
1560 } else {
1561 fprintf(stderr,
1562 "#%i ERR: Unsupported instruction '%s'!\n",
1563 cmd->lineno, tok);
1564 return -ENOTSUP;
1565 }
1566 } else {
1567 fprintf(stderr, "#%i ERR: Unsupported instruction '%s'!\n",
1568 cmd->lineno, tok);
1569 return -ENOTSUP;
1570 }
1571
1572 /*
1573 * Here we have at least one section with one command, otherwise we
1574 * would have failed already higher above.
1575 *
1576 * FIXME -- should the updating happen here ?
1577 */
1578 if (ictx->in_section && !ret) {
1579 ictx->sect_tail->size += ictx->sect_tail->cmd_tail->size;
1580 ictx->sect_tail->payload.section_size =
1581 ictx->sect_tail->size / SB_BLOCK_SIZE;
1582 }
1583
1584 return ret;
1585 }
1586
sb_load_cmdfile(struct sb_image_ctx * ictx)1587 static int sb_load_cmdfile(struct sb_image_ctx *ictx)
1588 {
1589 struct sb_cmd_list cmd;
1590 int lineno = 1;
1591 FILE *fp;
1592 char *line = NULL;
1593 ssize_t rlen;
1594 size_t len;
1595
1596 fp = fopen(ictx->cfg_filename, "r");
1597 if (!fp)
1598 goto err_file;
1599
1600 while ((rlen = getline(&line, &len, fp)) > 0) {
1601 memset(&cmd, 0, sizeof(cmd));
1602
1603 /* Strip the trailing newline. */
1604 line[rlen - 1] = '\0';
1605
1606 cmd.cmd = line;
1607 cmd.len = rlen;
1608 cmd.lineno = lineno++;
1609
1610 sb_parse_line(ictx, &cmd);
1611 }
1612
1613 free(line);
1614
1615 fclose(fp);
1616
1617 return 0;
1618
1619 err_file:
1620 fclose(fp);
1621 fprintf(stderr, "ERR: Failed to load file \"%s\"\n",
1622 ictx->cfg_filename);
1623 return -EINVAL;
1624 }
1625
sb_build_tree_from_cfg(struct sb_image_ctx * ictx)1626 static int sb_build_tree_from_cfg(struct sb_image_ctx *ictx)
1627 {
1628 int ret;
1629
1630 ret = sb_load_cmdfile(ictx);
1631 if (ret)
1632 return ret;
1633
1634 ret = sb_prefill_image_header(ictx);
1635 if (ret)
1636 return ret;
1637
1638 ret = sb_postfill_image_header(ictx);
1639 if (ret)
1640 return ret;
1641
1642 ret = sb_fixup_sections_and_tags(ictx);
1643 if (ret)
1644 return ret;
1645
1646 return 0;
1647 }
1648
sb_verify_image_header(struct sb_image_ctx * ictx,FILE * fp,long fsize)1649 static int sb_verify_image_header(struct sb_image_ctx *ictx,
1650 FILE *fp, long fsize)
1651 {
1652 /* Verify static fields in the image header. */
1653 struct sb_boot_image_header *hdr = &ictx->payload;
1654 const char *stat[2] = { "[PASS]", "[FAIL]" };
1655 struct tm tm;
1656 int sz, ret = 0;
1657 unsigned char digest[20];
1658 EVP_MD_CTX *md_ctx;
1659 unsigned long size;
1660
1661 /* Start image-wide crypto. */
1662 ictx->md_ctx = EVP_MD_CTX_new();
1663 EVP_DigestInit(ictx->md_ctx, EVP_sha1());
1664
1665 soprintf(ictx, "---------- Verifying SB Image Header ----------\n");
1666
1667 size = fread(&ictx->payload, 1, sizeof(ictx->payload), fp);
1668 if (size != sizeof(ictx->payload)) {
1669 fprintf(stderr, "ERR: SB image header too short!\n");
1670 return -EINVAL;
1671 }
1672
1673 /* Compute header digest. */
1674 md_ctx = EVP_MD_CTX_new();
1675 EVP_DigestInit(md_ctx, EVP_sha1());
1676 EVP_DigestUpdate(md_ctx, hdr->signature1,
1677 sizeof(struct sb_boot_image_header) -
1678 sizeof(hdr->digest));
1679 EVP_DigestFinal(md_ctx, digest, NULL);
1680 EVP_MD_CTX_free(md_ctx);
1681
1682 sb_aes_init(ictx, NULL, 1);
1683 sb_encrypt_sb_header(ictx);
1684
1685 if (memcmp(digest, hdr->digest, 20))
1686 ret = -EINVAL;
1687 soprintf(ictx, "%s Image header checksum: %s\n", stat[!!ret],
1688 ret ? "BAD" : "OK");
1689 if (ret)
1690 return ret;
1691
1692 if (memcmp(hdr->signature1, "STMP", 4) ||
1693 memcmp(hdr->signature2, "sgtl", 4))
1694 ret = -EINVAL;
1695 soprintf(ictx, "%s Signatures: '%.4s' '%.4s'\n",
1696 stat[!!ret], hdr->signature1, hdr->signature2);
1697 if (ret)
1698 return ret;
1699
1700 if ((hdr->major_version != SB_VERSION_MAJOR) ||
1701 ((hdr->minor_version != 1) && (hdr->minor_version != 2)))
1702 ret = -EINVAL;
1703 soprintf(ictx, "%s Image version: v%i.%i\n", stat[!!ret],
1704 hdr->major_version, hdr->minor_version);
1705 if (ret)
1706 return ret;
1707
1708 ret = sb_get_time(hdr->timestamp_us / 1000000, &tm);
1709 soprintf(ictx,
1710 "%s Creation time: %02i:%02i:%02i %02i/%02i/%04i\n",
1711 stat[!!ret], tm.tm_hour, tm.tm_min, tm.tm_sec,
1712 tm.tm_mday, tm.tm_mon, tm.tm_year + 2000);
1713 if (ret)
1714 return ret;
1715
1716 soprintf(ictx, "%s Product version: %x.%x.%x\n", stat[0],
1717 ntohs(hdr->product_version.major),
1718 ntohs(hdr->product_version.minor),
1719 ntohs(hdr->product_version.revision));
1720 soprintf(ictx, "%s Component version: %x.%x.%x\n", stat[0],
1721 ntohs(hdr->component_version.major),
1722 ntohs(hdr->component_version.minor),
1723 ntohs(hdr->component_version.revision));
1724
1725 if (hdr->flags & ~SB_IMAGE_FLAGS_MASK)
1726 ret = -EINVAL;
1727 soprintf(ictx, "%s Image flags: %s\n", stat[!!ret],
1728 hdr->flags & SB_IMAGE_FLAG_DISPLAY_PROGRESS ?
1729 "Display_progress" : "");
1730 if (ret)
1731 return ret;
1732
1733 if (hdr->drive_tag != 0)
1734 ret = -EINVAL;
1735 soprintf(ictx, "%s Drive tag: %i\n", stat[!!ret],
1736 hdr->drive_tag);
1737 if (ret)
1738 return ret;
1739
1740 sz = sizeof(struct sb_boot_image_header) / SB_BLOCK_SIZE;
1741 if (hdr->header_blocks != sz)
1742 ret = -EINVAL;
1743 soprintf(ictx, "%s Image header size (blocks): %i\n", stat[!!ret],
1744 hdr->header_blocks);
1745 if (ret)
1746 return ret;
1747
1748 sz = sizeof(struct sb_sections_header) / SB_BLOCK_SIZE;
1749 if (hdr->section_header_size != sz)
1750 ret = -EINVAL;
1751 soprintf(ictx, "%s Section header size (blocks): %i\n", stat[!!ret],
1752 hdr->section_header_size);
1753 if (ret)
1754 return ret;
1755
1756 soprintf(ictx, "%s Sections count: %i\n", stat[!!ret],
1757 hdr->section_count);
1758 soprintf(ictx, "%s First bootable section %i\n", stat[!!ret],
1759 hdr->first_boot_section_id);
1760
1761 if (hdr->image_blocks != fsize / SB_BLOCK_SIZE)
1762 ret = -EINVAL;
1763 soprintf(ictx, "%s Image size (blocks): %i\n", stat[!!ret],
1764 hdr->image_blocks);
1765 if (ret)
1766 return ret;
1767
1768 sz = hdr->header_blocks + hdr->section_header_size * hdr->section_count;
1769 if (hdr->key_dictionary_block != sz)
1770 ret = -EINVAL;
1771 soprintf(ictx, "%s Key dict offset (blocks): %i\n", stat[!!ret],
1772 hdr->key_dictionary_block);
1773 if (ret)
1774 return ret;
1775
1776 if (hdr->key_count != 1)
1777 ret = -EINVAL;
1778 soprintf(ictx, "%s Number of encryption keys: %i\n", stat[!!ret],
1779 hdr->key_count);
1780 if (ret)
1781 return ret;
1782
1783 sz = hdr->header_blocks + hdr->section_header_size * hdr->section_count;
1784 sz += hdr->key_count *
1785 sizeof(struct sb_key_dictionary_key) / SB_BLOCK_SIZE;
1786 if (hdr->first_boot_tag_block != (unsigned)sz)
1787 ret = -EINVAL;
1788 soprintf(ictx, "%s First TAG block (blocks): %i\n", stat[!!ret],
1789 hdr->first_boot_tag_block);
1790 if (ret)
1791 return ret;
1792
1793 return 0;
1794 }
1795
sb_decrypt_tag(struct sb_image_ctx * ictx,struct sb_cmd_ctx * cctx)1796 static void sb_decrypt_tag(struct sb_image_ctx *ictx,
1797 struct sb_cmd_ctx *cctx)
1798 {
1799 EVP_MD_CTX *md_ctx = ictx->md_ctx;
1800 struct sb_command *cmd = &cctx->payload;
1801
1802 sb_aes_crypt(ictx, (uint8_t *)&cctx->c_payload,
1803 (uint8_t *)&cctx->payload, sizeof(*cmd));
1804 EVP_DigestUpdate(md_ctx, &cctx->c_payload, sizeof(*cmd));
1805 }
1806
sb_verify_command(struct sb_image_ctx * ictx,struct sb_cmd_ctx * cctx,FILE * fp,unsigned long * tsize)1807 static int sb_verify_command(struct sb_image_ctx *ictx,
1808 struct sb_cmd_ctx *cctx, FILE *fp,
1809 unsigned long *tsize)
1810 {
1811 struct sb_command *ccmd = &cctx->payload;
1812 unsigned long size, asize;
1813 char *csum, *flag = "";
1814 int ret;
1815 unsigned int i;
1816 uint8_t csn, csc = ccmd->header.checksum;
1817 ccmd->header.checksum = 0x5a;
1818 csn = sb_command_checksum(ccmd);
1819 ccmd->header.checksum = csc;
1820
1821 if (csc == csn)
1822 ret = 0;
1823 else
1824 ret = -EINVAL;
1825 csum = ret ? "checksum BAD" : "checksum OK";
1826
1827 switch (ccmd->header.tag) {
1828 case ROM_NOP_CMD:
1829 soprintf(ictx, " NOOP # %s\n", csum);
1830 return ret;
1831 case ROM_TAG_CMD:
1832 if (ccmd->header.flags & ROM_TAG_CMD_FLAG_ROM_LAST_TAG)
1833 flag = "LAST";
1834 soprintf(ictx, " TAG %s # %s\n", flag, csum);
1835 sb_aes_reinit(ictx, 0);
1836 return ret;
1837 case ROM_LOAD_CMD:
1838 soprintf(ictx, " LOAD addr=0x%08x length=0x%08x # %s\n",
1839 ccmd->load.address, ccmd->load.count, csum);
1840
1841 cctx->length = ccmd->load.count;
1842 asize = roundup(cctx->length, SB_BLOCK_SIZE);
1843 cctx->data = malloc(asize);
1844 if (!cctx->data)
1845 return -ENOMEM;
1846
1847 size = fread(cctx->data, 1, asize, fp);
1848 if (size != asize) {
1849 fprintf(stderr,
1850 "ERR: SB LOAD command payload too short!\n");
1851 return -EINVAL;
1852 }
1853
1854 *tsize += size;
1855
1856 EVP_DigestUpdate(ictx->md_ctx, cctx->data, asize);
1857 sb_aes_crypt(ictx, cctx->data, cctx->data, asize);
1858
1859 if (ccmd->load.crc32 != pbl_crc32(0,
1860 (const char *)cctx->data,
1861 asize)) {
1862 fprintf(stderr,
1863 "ERR: SB LOAD command payload CRC32 invalid!\n");
1864 return -EINVAL;
1865 }
1866 return 0;
1867 case ROM_FILL_CMD:
1868 soprintf(ictx,
1869 " FILL addr=0x%08x length=0x%08x pattern=0x%08x # %s\n",
1870 ccmd->fill.address, ccmd->fill.count,
1871 ccmd->fill.pattern, csum);
1872 return 0;
1873 case ROM_JUMP_CMD:
1874 if (ccmd->header.flags & ROM_JUMP_CMD_FLAG_HAB)
1875 flag = " HAB";
1876 soprintf(ictx,
1877 " JUMP%s addr=0x%08x r0_arg=0x%08x # %s\n",
1878 flag, ccmd->fill.address, ccmd->jump.argument, csum);
1879 return 0;
1880 case ROM_CALL_CMD:
1881 if (ccmd->header.flags & ROM_CALL_CMD_FLAG_HAB)
1882 flag = " HAB";
1883 soprintf(ictx,
1884 " CALL%s addr=0x%08x r0_arg=0x%08x # %s\n",
1885 flag, ccmd->fill.address, ccmd->jump.argument, csum);
1886 return 0;
1887 case ROM_MODE_CMD:
1888 for (i = 0; i < ARRAY_SIZE(modetable); i++) {
1889 if (ccmd->mode.mode == modetable[i].mode) {
1890 soprintf(ictx, " MODE %s # %s\n",
1891 modetable[i].name, csum);
1892 break;
1893 }
1894 }
1895 fprintf(stderr, " MODE !INVALID! # %s\n", csum);
1896 return 0;
1897 }
1898
1899 return ret;
1900 }
1901
sb_verify_commands(struct sb_image_ctx * ictx,struct sb_section_ctx * sctx,FILE * fp)1902 static int sb_verify_commands(struct sb_image_ctx *ictx,
1903 struct sb_section_ctx *sctx, FILE *fp)
1904 {
1905 unsigned long size, tsize = 0;
1906 struct sb_cmd_ctx *cctx;
1907 int ret;
1908
1909 sb_aes_reinit(ictx, 0);
1910
1911 while (tsize < sctx->size) {
1912 cctx = calloc(1, sizeof(*cctx));
1913 if (!cctx)
1914 return -ENOMEM;
1915 if (!sctx->cmd_head) {
1916 sctx->cmd_head = cctx;
1917 sctx->cmd_tail = cctx;
1918 } else {
1919 sctx->cmd_tail->cmd = cctx;
1920 sctx->cmd_tail = cctx;
1921 }
1922
1923 size = fread(&cctx->c_payload, 1, sizeof(cctx->c_payload), fp);
1924 if (size != sizeof(cctx->c_payload)) {
1925 fprintf(stderr, "ERR: SB command header too short!\n");
1926 return -EINVAL;
1927 }
1928
1929 tsize += size;
1930
1931 sb_decrypt_tag(ictx, cctx);
1932
1933 ret = sb_verify_command(ictx, cctx, fp, &tsize);
1934 if (ret)
1935 return -EINVAL;
1936 }
1937
1938 return 0;
1939 }
1940
sb_verify_sections_cmds(struct sb_image_ctx * ictx,FILE * fp)1941 static int sb_verify_sections_cmds(struct sb_image_ctx *ictx, FILE *fp)
1942 {
1943 struct sb_boot_image_header *hdr = &ictx->payload;
1944 struct sb_sections_header *shdr;
1945 unsigned int i;
1946 int ret;
1947 struct sb_section_ctx *sctx;
1948 unsigned long size;
1949 char *bootable = "";
1950
1951 soprintf(ictx, "----- Verifying SB Sections and Commands -----\n");
1952
1953 for (i = 0; i < hdr->section_count; i++) {
1954 sctx = calloc(1, sizeof(*sctx));
1955 if (!sctx)
1956 return -ENOMEM;
1957 if (!ictx->sect_head) {
1958 ictx->sect_head = sctx;
1959 ictx->sect_tail = sctx;
1960 } else {
1961 ictx->sect_tail->sect = sctx;
1962 ictx->sect_tail = sctx;
1963 }
1964
1965 size = fread(&sctx->payload, 1, sizeof(sctx->payload), fp);
1966 if (size != sizeof(sctx->payload)) {
1967 fprintf(stderr, "ERR: SB section header too short!\n");
1968 return -EINVAL;
1969 }
1970 }
1971
1972 size = fread(&ictx->sb_dict_key, 1, sizeof(ictx->sb_dict_key), fp);
1973 if (size != sizeof(ictx->sb_dict_key)) {
1974 fprintf(stderr, "ERR: SB key dictionary too short!\n");
1975 return -EINVAL;
1976 }
1977
1978 sb_encrypt_sb_sections_header(ictx);
1979 sb_aes_reinit(ictx, 0);
1980 sb_decrypt_key_dictionary_key(ictx);
1981
1982 sb_aes_reinit(ictx, 0);
1983
1984 sctx = ictx->sect_head;
1985 while (sctx) {
1986 shdr = &sctx->payload;
1987
1988 if (shdr->section_flags & SB_SECTION_FLAG_BOOTABLE) {
1989 sctx->boot = 1;
1990 bootable = " BOOTABLE";
1991 }
1992
1993 sctx->size = (shdr->section_size * SB_BLOCK_SIZE) +
1994 sizeof(struct sb_command);
1995 soprintf(ictx, "SECTION 0x%x%s # size = %i bytes\n",
1996 shdr->section_number, bootable, sctx->size);
1997
1998 if (shdr->section_flags & ~SB_SECTION_FLAG_BOOTABLE)
1999 fprintf(stderr, " WARN: Unknown section flag(s) %08x\n",
2000 shdr->section_flags);
2001
2002 if ((shdr->section_flags & SB_SECTION_FLAG_BOOTABLE) &&
2003 (hdr->first_boot_section_id != shdr->section_number)) {
2004 fprintf(stderr,
2005 " WARN: Bootable section does ID not match image header ID!\n");
2006 }
2007
2008 ret = sb_verify_commands(ictx, sctx, fp);
2009 if (ret)
2010 return ret;
2011
2012 sctx = sctx->sect;
2013 }
2014
2015 /*
2016 * FIXME IDEA:
2017 * check if the first TAG command is at sctx->section_offset
2018 */
2019 return 0;
2020 }
2021
sb_verify_image_end(struct sb_image_ctx * ictx,FILE * fp,off_t filesz)2022 static int sb_verify_image_end(struct sb_image_ctx *ictx,
2023 FILE *fp, off_t filesz)
2024 {
2025 uint8_t digest[32];
2026 unsigned long size;
2027 off_t pos;
2028 int ret;
2029
2030 soprintf(ictx, "------------- Verifying image end -------------\n");
2031
2032 size = fread(digest, 1, sizeof(digest), fp);
2033 if (size != sizeof(digest)) {
2034 fprintf(stderr, "ERR: SB key dictionary too short!\n");
2035 return -EINVAL;
2036 }
2037
2038 pos = ftell(fp);
2039 if (pos != filesz) {
2040 fprintf(stderr, "ERR: Trailing data past the image!\n");
2041 return -EINVAL;
2042 }
2043
2044 /* Check the image digest. */
2045 EVP_DigestFinal(ictx->md_ctx, ictx->digest, NULL);
2046 EVP_MD_CTX_free(ictx->md_ctx);
2047
2048 /* Decrypt the image digest from the input image. */
2049 sb_aes_reinit(ictx, 0);
2050 sb_aes_crypt(ictx, digest, digest, sizeof(digest));
2051
2052 /* Check all of 20 bytes of the SHA1 hash. */
2053 ret = memcmp(digest, ictx->digest, 20) ? -EINVAL : 0;
2054
2055 if (ret)
2056 soprintf(ictx, "[FAIL] Full-image checksum: BAD\n");
2057 else
2058 soprintf(ictx, "[PASS] Full-image checksum: OK\n");
2059
2060 return ret;
2061 }
2062
2063
sb_build_tree_from_img(struct sb_image_ctx * ictx)2064 static int sb_build_tree_from_img(struct sb_image_ctx *ictx)
2065 {
2066 long filesize;
2067 int ret;
2068 FILE *fp;
2069
2070 if (!ictx->input_filename) {
2071 fprintf(stderr, "ERR: Missing filename!\n");
2072 return -EINVAL;
2073 }
2074
2075 fp = fopen(ictx->input_filename, "r");
2076 if (!fp)
2077 goto err_open;
2078
2079 ret = fseek(fp, 0, SEEK_END);
2080 if (ret < 0)
2081 goto err_file;
2082
2083 filesize = ftell(fp);
2084 if (filesize < 0)
2085 goto err_file;
2086
2087 ret = fseek(fp, 0, SEEK_SET);
2088 if (ret < 0)
2089 goto err_file;
2090
2091 if (filesize < (signed)sizeof(ictx->payload)) {
2092 fprintf(stderr, "ERR: File too short!\n");
2093 goto err_file;
2094 }
2095
2096 if (filesize & (SB_BLOCK_SIZE - 1)) {
2097 fprintf(stderr, "ERR: The file is not aligned!\n");
2098 goto err_file;
2099 }
2100
2101 /* Load and verify image header */
2102 ret = sb_verify_image_header(ictx, fp, filesize);
2103 if (ret)
2104 goto err_verify;
2105
2106 /* Load and verify sections and commands */
2107 ret = sb_verify_sections_cmds(ictx, fp);
2108 if (ret)
2109 goto err_verify;
2110
2111 ret = sb_verify_image_end(ictx, fp, filesize);
2112 if (ret)
2113 goto err_verify;
2114
2115 ret = 0;
2116
2117 err_verify:
2118 soprintf(ictx, "-------------------- Result -------------------\n");
2119 soprintf(ictx, "Verification %s\n", ret ? "FAILED" : "PASSED");
2120
2121 /* Stop the encryption session. */
2122 sb_aes_deinit(ictx->cipher_ctx);
2123
2124 fclose(fp);
2125 return ret;
2126
2127 err_file:
2128 fclose(fp);
2129 err_open:
2130 fprintf(stderr, "ERR: Failed to load file \"%s\"\n",
2131 ictx->input_filename);
2132 return -EINVAL;
2133 }
2134
sb_free_image(struct sb_image_ctx * ictx)2135 static void sb_free_image(struct sb_image_ctx *ictx)
2136 {
2137 struct sb_section_ctx *sctx = ictx->sect_head, *s_head;
2138 struct sb_dcd_ctx *dctx = ictx->dcd_head, *d_head;
2139 struct sb_cmd_ctx *cctx, *c_head;
2140
2141 while (sctx) {
2142 s_head = sctx;
2143 c_head = sctx->cmd_head;
2144
2145 while (c_head) {
2146 cctx = c_head;
2147 c_head = c_head->cmd;
2148 if (cctx->data)
2149 free(cctx->data);
2150 free(cctx);
2151 }
2152
2153 sctx = sctx->sect;
2154 free(s_head);
2155 }
2156
2157 while (dctx) {
2158 d_head = dctx;
2159 dctx = dctx->dcd;
2160 free(d_head->payload);
2161 free(d_head);
2162 }
2163 }
2164
2165 /*
2166 * MXSSB-MKIMAGE glue code.
2167 */
mxsimage_check_image_types(uint8_t type)2168 static int mxsimage_check_image_types(uint8_t type)
2169 {
2170 if (type == IH_TYPE_MXSIMAGE)
2171 return EXIT_SUCCESS;
2172 else
2173 return EXIT_FAILURE;
2174 }
2175
mxsimage_set_header(void * ptr,struct stat * sbuf,int ifd,struct image_tool_params * params)2176 static void mxsimage_set_header(void *ptr, struct stat *sbuf, int ifd,
2177 struct image_tool_params *params)
2178 {
2179 }
2180
mxsimage_check_params(struct image_tool_params * params)2181 int mxsimage_check_params(struct image_tool_params *params)
2182 {
2183 if (!params)
2184 return -1;
2185 if (!strlen(params->imagename)) {
2186 fprintf(stderr,
2187 "Error: %s - Configuration file not specified, it is needed for mxsimage generation\n",
2188 params->cmdname);
2189 return -1;
2190 }
2191
2192 /*
2193 * Check parameters:
2194 * XIP is not allowed and verify that incompatible
2195 * parameters are not sent at the same time
2196 * For example, if list is required a data image must not be provided
2197 */
2198 return (params->dflag && (params->fflag || params->lflag)) ||
2199 (params->fflag && (params->dflag || params->lflag)) ||
2200 (params->lflag && (params->dflag || params->fflag)) ||
2201 (params->xflag) || !(strlen(params->imagename));
2202 }
2203
mxsimage_verify_print_header(char * file,int silent)2204 static int mxsimage_verify_print_header(char *file, int silent)
2205 {
2206 int ret;
2207 struct sb_image_ctx ctx;
2208
2209 memset(&ctx, 0, sizeof(ctx));
2210
2211 ctx.input_filename = file;
2212 ctx.silent_dump = silent;
2213
2214 ret = sb_build_tree_from_img(&ctx);
2215 sb_free_image(&ctx);
2216
2217 return ret;
2218 }
2219
2220 char *imagefile;
mxsimage_verify_header(unsigned char * ptr,int image_size,struct image_tool_params * params)2221 static int mxsimage_verify_header(unsigned char *ptr, int image_size,
2222 struct image_tool_params *params)
2223 {
2224 struct sb_boot_image_header *hdr;
2225
2226 if (!ptr)
2227 return -EINVAL;
2228
2229 hdr = (struct sb_boot_image_header *)ptr;
2230
2231 /*
2232 * Check if the header contains the MXS image signatures,
2233 * if so, do a full-image verification.
2234 */
2235 if (memcmp(hdr->signature1, "STMP", 4) ||
2236 memcmp(hdr->signature2, "sgtl", 4))
2237 return -EINVAL;
2238
2239 imagefile = params->imagefile;
2240
2241 return mxsimage_verify_print_header(params->imagefile, 1);
2242 }
2243
mxsimage_print_header(const void * hdr)2244 static void mxsimage_print_header(const void *hdr)
2245 {
2246 if (imagefile)
2247 mxsimage_verify_print_header(imagefile, 0);
2248 }
2249
sb_build_image(struct sb_image_ctx * ictx,struct image_type_params * tparams)2250 static int sb_build_image(struct sb_image_ctx *ictx,
2251 struct image_type_params *tparams)
2252 {
2253 struct sb_boot_image_header *sb_header = &ictx->payload;
2254 struct sb_section_ctx *sctx;
2255 struct sb_cmd_ctx *cctx;
2256 struct sb_command *ccmd;
2257 struct sb_key_dictionary_key *sb_dict_key = &ictx->sb_dict_key;
2258
2259 uint8_t *image, *iptr;
2260
2261 /* Calculate image size. */
2262 uint32_t size = sizeof(*sb_header) +
2263 ictx->sect_count * sizeof(struct sb_sections_header) +
2264 sizeof(*sb_dict_key) + sizeof(ictx->digest);
2265
2266 sctx = ictx->sect_head;
2267 while (sctx) {
2268 size += sctx->size;
2269 sctx = sctx->sect;
2270 };
2271
2272 image = malloc(size);
2273 if (!image)
2274 return -ENOMEM;
2275 iptr = image;
2276
2277 memcpy(iptr, sb_header, sizeof(*sb_header));
2278 iptr += sizeof(*sb_header);
2279
2280 sctx = ictx->sect_head;
2281 while (sctx) {
2282 memcpy(iptr, &sctx->payload, sizeof(struct sb_sections_header));
2283 iptr += sizeof(struct sb_sections_header);
2284 sctx = sctx->sect;
2285 };
2286
2287 memcpy(iptr, sb_dict_key, sizeof(*sb_dict_key));
2288 iptr += sizeof(*sb_dict_key);
2289
2290 sctx = ictx->sect_head;
2291 while (sctx) {
2292 cctx = sctx->cmd_head;
2293 while (cctx) {
2294 ccmd = &cctx->payload;
2295
2296 memcpy(iptr, &cctx->c_payload, sizeof(cctx->payload));
2297 iptr += sizeof(cctx->payload);
2298
2299 if (ccmd->header.tag == ROM_LOAD_CMD) {
2300 memcpy(iptr, cctx->data, cctx->length);
2301 iptr += cctx->length;
2302 }
2303
2304 cctx = cctx->cmd;
2305 }
2306
2307 sctx = sctx->sect;
2308 };
2309
2310 memcpy(iptr, ictx->digest, sizeof(ictx->digest));
2311 iptr += sizeof(ictx->digest);
2312
2313 /* Configure the mkimage */
2314 tparams->hdr = image;
2315 tparams->header_size = size;
2316
2317 return 0;
2318 }
2319
mxsimage_generate(struct image_tool_params * params,struct image_type_params * tparams)2320 static int mxsimage_generate(struct image_tool_params *params,
2321 struct image_type_params *tparams)
2322 {
2323 int ret;
2324 struct sb_image_ctx ctx;
2325
2326 /* Do not copy the U-Boot image! */
2327 params->skipcpy = 1;
2328
2329 memset(&ctx, 0, sizeof(ctx));
2330
2331 ctx.cfg_filename = params->imagename;
2332 ctx.output_filename = params->imagefile;
2333
2334 ret = sb_build_tree_from_cfg(&ctx);
2335 if (ret)
2336 goto fail;
2337
2338 ret = sb_encrypt_image(&ctx);
2339 if (!ret)
2340 ret = sb_build_image(&ctx, tparams);
2341
2342 fail:
2343 sb_free_image(&ctx);
2344
2345 return ret;
2346 }
2347
2348 /*
2349 * mxsimage parameters
2350 */
2351 U_BOOT_IMAGE_TYPE(
2352 mxsimage,
2353 "Freescale MXS Boot Image support",
2354 0,
2355 NULL,
2356 mxsimage_check_params,
2357 mxsimage_verify_header,
2358 mxsimage_print_header,
2359 mxsimage_set_header,
2360 NULL,
2361 mxsimage_check_image_types,
2362 NULL,
2363 mxsimage_generate
2364 );
2365 #endif
2366