aboutsummaryrefslogtreecommitdiff
path: root/tools
diff options
context:
space:
mode:
Diffstat (limited to 'tools')
-rw-r--r--tools/Makefile7
-rw-r--r--tools/binman/entries.rst38
-rw-r--r--tools/binman/etype/pre_load.py162
-rw-r--r--tools/binman/ftest.py51
-rw-r--r--tools/binman/test/225_dev.key28
-rw-r--r--tools/binman/test/225_pre_load.dts22
-rw-r--r--tools/binman/test/226_pre_load_pkcs.dts23
-rw-r--r--tools/binman/test/227_pre_load_pss.dts23
-rw-r--r--tools/binman/test/228_pre_load_invalid_padding.dts23
-rw-r--r--tools/binman/test/229_pre_load_invalid_sha.dts23
-rw-r--r--tools/binman/test/230_pre_load_invalid_algo.dts23
-rw-r--r--tools/binman/test/231_pre_load_invalid_key.dts23
-rw-r--r--tools/fit_image.c3
-rw-r--r--tools/image-host.c114
-rw-r--r--tools/imagetool.h1
-rw-r--r--tools/mkimage.c1
-rw-r--r--tools/sunxi_egon.c73
-rw-r--r--tools/sunxi_toc0.c907
18 files changed, 1535 insertions, 10 deletions
diff --git a/tools/Makefile b/tools/Makefile
index 60231c728c..e17271be8b 100644
--- a/tools/Makefile
+++ b/tools/Makefile
@@ -94,9 +94,10 @@ ECDSA_OBJS-$(CONFIG_TOOLS_LIBCRYPTO) := $(addprefix lib/ecdsa/, ecdsa-libcrypto.
AES_OBJS-$(CONFIG_TOOLS_LIBCRYPTO) := $(addprefix lib/aes/, \
aes-encrypt.o aes-decrypt.o)
-# Cryptographic helpers that depend on openssl/libcrypto
-LIBCRYPTO_OBJS-$(CONFIG_TOOLS_LIBCRYPTO) := $(addprefix lib/, \
- fdt-libcrypto.o)
+# Cryptographic helpers and image types that depend on openssl/libcrypto
+LIBCRYPTO_OBJS-$(CONFIG_TOOLS_LIBCRYPTO) := \
+ lib/fdt-libcrypto.o \
+ sunxi_toc0.o
ROCKCHIP_OBS = lib/rc4.o rkcommon.o rkimage.o rksd.o rkspi.o
diff --git a/tools/binman/entries.rst b/tools/binman/entries.rst
index be8de5560c..ae4305c99e 100644
--- a/tools/binman/entries.rst
+++ b/tools/binman/entries.rst
@@ -1155,6 +1155,44 @@ placed at offset 'RESET_VECTOR_ADDRESS - 0xffc'.
+Entry: pre-load: Pre load image header
+--------------------------------------
+
+Properties / Entry arguments:
+ - key-path: Path of the directory that store key (provided by the environment variable KEY_PATH)
+ - content: List of phandles to entries to sign
+ - algo-name: Hash and signature algo to use for the signature
+ - padding-name: Name of the padding (pkcs-1.5 or pss)
+ - key-name: Filename of the private key to sign
+ - header-size: Total size of the header
+ - version: Version of the header
+
+This entry creates a pre-load header that contains a global
+image signature.
+
+For example, this creates an image with a pre-load header and a binary::
+
+ binman {
+ image2 {
+ filename = "sandbox.bin";
+
+ pre-load {
+ content = <&image>;
+ algo-name = "sha256,rsa2048";
+ padding-name = "pss";
+ key-name = "private.pem";
+ header-size = <4096>;
+ version = <1>;
+ };
+
+ image: blob-ext {
+ filename = "sandbox.itb";
+ };
+ };
+ };
+
+
+
Entry: scp: System Control Processor (SCP) firmware blob
--------------------------------------------------------
diff --git a/tools/binman/etype/pre_load.py b/tools/binman/etype/pre_load.py
new file mode 100644
index 0000000000..245ee75525
--- /dev/null
+++ b/tools/binman/etype/pre_load.py
@@ -0,0 +1,162 @@
+# SPDX-License-Identifier: GPL-2.0+
+# Copyright (c) 2022 Softathome
+# Written by Philippe Reynes <philippe.reynes@softathome.com>
+#
+# Entry-type for the global header
+#
+
+import os
+import struct
+from dtoc import fdt_util
+from patman import tools
+
+from binman.entry import Entry
+from binman.etype.collection import Entry_collection
+from binman.entry import EntryArg
+
+from Cryptodome.Hash import SHA256, SHA384, SHA512
+from Cryptodome.PublicKey import RSA
+from Cryptodome.Signature import pkcs1_15
+from Cryptodome.Signature import pss
+
+PRE_LOAD_MAGIC = b'UBSH'
+
+RSAS = {
+ 'rsa1024': 1024 / 8,
+ 'rsa2048': 2048 / 8,
+ 'rsa4096': 4096 / 8
+}
+
+SHAS = {
+ 'sha256': SHA256,
+ 'sha384': SHA384,
+ 'sha512': SHA512
+}
+
+class Entry_pre_load(Entry_collection):
+ """Pre load image header
+
+ Properties / Entry arguments:
+ - pre-load-key-path: Path of the directory that store key (provided by the environment variable PRE_LOAD_KEY_PATH)
+ - content: List of phandles to entries to sign
+ - algo-name: Hash and signature algo to use for the signature
+ - padding-name: Name of the padding (pkcs-1.5 or pss)
+ - key-name: Filename of the private key to sign
+ - header-size: Total size of the header
+ - version: Version of the header
+
+ This entry creates a pre-load header that contains a global
+ image signature.
+
+ For example, this creates an image with a pre-load header and a binary::
+
+ binman {
+ image2 {
+ filename = "sandbox.bin";
+
+ pre-load {
+ content = <&image>;
+ algo-name = "sha256,rsa2048";
+ padding-name = "pss";
+ key-name = "private.pem";
+ header-size = <4096>;
+ version = <1>;
+ };
+
+ image: blob-ext {
+ filename = "sandbox.itb";
+ };
+ };
+ };
+ """
+
+ def __init__(self, section, etype, node):
+ super().__init__(section, etype, node)
+ self.algo_name = fdt_util.GetString(self._node, 'algo-name')
+ self.padding_name = fdt_util.GetString(self._node, 'padding-name')
+ self.key_name = fdt_util.GetString(self._node, 'key-name')
+ self.header_size = fdt_util.GetInt(self._node, 'header-size')
+ self.version = fdt_util.GetInt(self._node, 'version')
+
+ def ReadNode(self):
+ super().ReadNode()
+ self.key_path, = self.GetEntryArgsOrProps([EntryArg('pre-load-key-path', str)])
+ if self.key_path is None:
+ self.key_path = ''
+
+ def _CreateHeader(self):
+ """Create a pre load header"""
+ hash_name, sign_name = self.algo_name.split(',')
+ padding_name = self.padding_name
+ key_name = os.path.join(self.key_path, self.key_name)
+
+ # Check hash and signature name/type
+ if hash_name not in SHAS:
+ self.Raise(hash_name + " is not supported")
+ if sign_name not in RSAS:
+ self.Raise(sign_name + " is not supported")
+
+ # Read the key
+ with open(key_name, 'rb') as pem:
+ key = RSA.import_key(pem.read())
+
+ # Check if the key has the expected size
+ if key.size_in_bytes() != RSAS[sign_name]:
+ self.Raise("The key " + self.key_name + " don't have the expected size")
+
+ # Compute the hash
+ hash_image = SHAS[hash_name].new()
+ hash_image.update(self.image)
+
+ # Compute the signature
+ if padding_name is None:
+ padding_name = "pkcs-1.5"
+ if padding_name == "pss":
+ salt_len = key.size_in_bytes() - hash_image.digest_size - 2
+ padding = pss
+ padding_args = {'salt_bytes': salt_len}
+ elif padding_name == "pkcs-1.5":
+ padding = pkcs1_15
+ padding_args = {}
+ else:
+ self.Raise(padding_name + " is not supported")
+
+ sig = padding.new(key, **padding_args).sign(hash_image)
+
+ hash_sig = SHA256.new()
+ hash_sig.update(sig)
+
+ version = self.version
+ header_size = self.header_size
+ image_size = len(self.image)
+ ofs_img_sig = 64 + len(sig)
+ flags = 0
+ reserved0 = 0
+ reserved1 = 0
+
+ first_header = struct.pack('>4sIIIIIII32s', PRE_LOAD_MAGIC,
+ version, header_size, image_size,
+ ofs_img_sig, flags, reserved0,
+ reserved1, hash_sig.digest())
+
+ hash_first_header = SHAS[hash_name].new()
+ hash_first_header.update(first_header)
+ sig_first_header = padding.new(key, **padding_args).sign(hash_first_header)
+
+ data = first_header + sig_first_header + sig
+ pad = bytearray(self.header_size - len(data))
+
+ return data + pad
+
+ def ObtainContents(self):
+ """Obtain a placeholder for the header contents"""
+ # wait that the image is available
+ self.image = self.GetContents(False)
+ if self.image is None:
+ return False
+ self.SetContents(self._CreateHeader())
+ return True
+
+ def ProcessContents(self):
+ data = self._CreateHeader()
+ return self.ProcessContentsUpdate(data)
diff --git a/tools/binman/ftest.py b/tools/binman/ftest.py
index 876953f113..4ce181a066 100644
--- a/tools/binman/ftest.py
+++ b/tools/binman/ftest.py
@@ -91,6 +91,9 @@ SCP_DATA = b'scp'
TEST_FDT1_DATA = b'fdt1'
TEST_FDT2_DATA = b'test-fdt2'
ENV_DATA = b'var1=1\nvar2="2"'
+PRE_LOAD_MAGIC = b'UBSH'
+PRE_LOAD_VERSION = 0x11223344.to_bytes(4, 'big')
+PRE_LOAD_HDR_SIZE = 0x00001000.to_bytes(4, 'big')
# Subdirectory of the input dir to use to put test FDTs
TEST_FDT_SUBDIR = 'fdts'
@@ -5471,6 +5474,54 @@ fdt fdtmap Extract the devicetree blob from the fdtmap
err,
"Image '.*' is missing external blobs and is non-functional: .*")
+ def testPreLoad(self):
+ """Test an image with a pre-load header"""
+ entry_args = {
+ 'pre-load-key-path': '.',
+ }
+ data, _, _, _ = self._DoReadFileDtb('225_pre_load.dts',
+ entry_args=entry_args)
+ self.assertEqual(PRE_LOAD_MAGIC, data[:len(PRE_LOAD_MAGIC)])
+ self.assertEqual(PRE_LOAD_VERSION, data[4:4 + len(PRE_LOAD_VERSION)])
+ self.assertEqual(PRE_LOAD_HDR_SIZE, data[8:8 + len(PRE_LOAD_HDR_SIZE)])
+ data = self._DoReadFile('225_pre_load.dts')
+ self.assertEqual(PRE_LOAD_MAGIC, data[:len(PRE_LOAD_MAGIC)])
+ self.assertEqual(PRE_LOAD_VERSION, data[4:4 + len(PRE_LOAD_VERSION)])
+ self.assertEqual(PRE_LOAD_HDR_SIZE, data[8:8 + len(PRE_LOAD_HDR_SIZE)])
+
+ def testPreLoadPkcs(self):
+ """Test an image with a pre-load header with padding pkcs"""
+ data = self._DoReadFile('226_pre_load_pkcs.dts')
+ self.assertEqual(PRE_LOAD_MAGIC, data[:len(PRE_LOAD_MAGIC)])
+ self.assertEqual(PRE_LOAD_VERSION, data[4:4 + len(PRE_LOAD_VERSION)])
+ self.assertEqual(PRE_LOAD_HDR_SIZE, data[8:8 + len(PRE_LOAD_HDR_SIZE)])
+
+ def testPreLoadPss(self):
+ """Test an image with a pre-load header with padding pss"""
+ data = self._DoReadFile('227_pre_load_pss.dts')
+ self.assertEqual(PRE_LOAD_MAGIC, data[:len(PRE_LOAD_MAGIC)])
+ self.assertEqual(PRE_LOAD_VERSION, data[4:4 + len(PRE_LOAD_VERSION)])
+ self.assertEqual(PRE_LOAD_HDR_SIZE, data[8:8 + len(PRE_LOAD_HDR_SIZE)])
+
+ def testPreLoadInvalidPadding(self):
+ """Test an image with a pre-load header with an invalid padding"""
+ with self.assertRaises(ValueError) as e:
+ data = self._DoReadFile('228_pre_load_invalid_padding.dts')
+
+ def testPreLoadInvalidSha(self):
+ """Test an image with a pre-load header with an invalid hash"""
+ with self.assertRaises(ValueError) as e:
+ data = self._DoReadFile('229_pre_load_invalid_sha.dts')
+
+ def testPreLoadInvalidAlgo(self):
+ """Test an image with a pre-load header with an invalid algo"""
+ with self.assertRaises(ValueError) as e:
+ data = self._DoReadFile('230_pre_load_invalid_algo.dts')
+
+ def testPreLoadInvalidKey(self):
+ """Test an image with a pre-load header with an invalid key"""
+ with self.assertRaises(ValueError) as e:
+ data = self._DoReadFile('231_pre_load_invalid_key.dts')
if __name__ == "__main__":
unittest.main()
diff --git a/tools/binman/test/225_dev.key b/tools/binman/test/225_dev.key
new file mode 100644
index 0000000000..b36bad2cfb
--- /dev/null
+++ b/tools/binman/test/225_dev.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDYngNWUvXYRXX/
+WEUI7k164fcpv1srXz+u+5Y3Yhouw3kPs+ffvYyHAPfjF7aUIAgezKk/4o7AvsxE
+Rdih3T+0deAd/q/yuqN4Adzt6ImnsO/EqdtYl3Yh+Vck9xWhLd3SAw1++GfSmNMT
+gxlcc/z6z+bIh2tJNtPtRSNNHMmvYYOkBmkfwcjbMXD+fe4vBwYjVrIize+l7Yuv
+1qN2nFlq56pFi8Lj5vOvFyNhZHRvwcpWdUdkx39beNUfwrGhgewOeWngTcY75n7S
+FY45TBR1G2PR90CQvyDinCi9Mm0u5s+1WASQWPblovfD6CPbHQu4GZm+FAs7yUvr
+hA7VCyNxAgMBAAECggEAUbq0uaJNfc8faTtNuMPo2d9eGRNI+8FRTt0/3R+Xj2NT
+TvhrGUD0P4++96Df012OkshXZ3I8uD6E5ZGQ3emTeqwq5kZM7oE64jGZwO3G2k1o
++cO4reFfwgvItHrBX3HlyrI6KljhG1Vr9mW1cOuWXK+KfMiTUylrpo86dYLSGeg3
+7ZlsOPArr4eof/A0iPryQZX6X5POf7k/e9qRFYsOkoRQO8pBL3J4rIKwBl3uBN3K
++FY40vCkd8JyTo2DNfHeIe1XYA9fG2ahjD2qMsw10TUsRRMd5yhonEcJ7VzGzy8m
+MnuMDAr7CwbbLkKi4UfZUl6YDkojqerwLOrxikBqkQKBgQD6sS6asDgwiq5MtstE
+4/PxMrVEsCdkrU+jjQN749qIt/41a6lbp0Pr6aUKKKGs0QbcnCtlpp7qmhvymBcW
+hlqxk2wokKMChv4WLXjZS3DGcOdMglc81y2F+252bToN8vwUfm6DPp9/GKtejA0a
+GP57GeHxoVO7vfDX1F/vZRogRQKBgQDdNCLWOlGWvnKjfgNZHgX+Ou6ZgTSAzy+/
+hRsZPlY5nwO5iD7YkIKvqBdOmfyjlUpHWk2uAcT9pfgzYygvyBRaoQhAYBGkHItt
+slaMxnLd+09wWufoCbgJvFn+wVQxBLcA5PXB98ws0Dq8ZYuo6AOuoRivsSO4lblK
+MW0guBJXPQKBgQDGjf0ukbH/aGfC5Oi8SJvWhuYhYC/jQo2YKUEAKCjXLnuOThZW
+PHXEbUrFcAcVfH0l0B9jJIQrpiHKlAF9Wq6MhQoeWuhxQQAQCrXzzRemZJgd9gIo
+cvlgbBNCgyJ/F9vmU3kuRDRJkv1wJhbee7tbPtXA7pkGUttl5pSRZI87zQKBgQC/
+0ZkwCox72xTQP9MpcYai6nnDta5Q0NnIC+Xu4wakmwcA2WweIlqhdnMXnyLcu/YY
+n+9iqHgpuMXd0eukW62C1cexA13o4TPrYU36b5BmfKprdPlLVzo3fxTPfNjEVSFY
+7jNLC9YLOlrkym3sf53Jzjr5B/RA+d0ewHOwfs6wxQKBgFSyfjx5wtdHK4fO+Z1+
+q3bxouZryM/4CiPCFuw4+aZmRHPmufuNCvfXdF+IH8dM0E9ObwKZAe/aMP/Y+Abx
+Wz9Vm4CP6g7k3DU3INEygyjmIQQDKQ9lFdDnsP9ESzrPbaGxZhc4x2lo7qmeW1BR
+/RuiAofleFkT4s+EhLrfE/v5
+-----END PRIVATE KEY-----
diff --git a/tools/binman/test/225_pre_load.dts b/tools/binman/test/225_pre_load.dts
new file mode 100644
index 0000000000..c1ffe1a2ff
--- /dev/null
+++ b/tools/binman/test/225_pre_load.dts
@@ -0,0 +1,22 @@
+// SPDX-License-Identifier: GPL-2.0+
+
+/dts-v1/;
+
+/ {
+ #address-cells = <1>;
+ #size-cells = <1>;
+
+ binman {
+ pre-load {
+ content = <&image>;
+ algo-name = "sha256,rsa2048";
+ key-name = "tools/binman/test/225_dev.key";
+ header-size = <4096>;
+ version = <0x11223344>;
+ };
+
+ image: blob-ext {
+ filename = "refcode.bin";
+ };
+ };
+};
diff --git a/tools/binman/test/226_pre_load_pkcs.dts b/tools/binman/test/226_pre_load_pkcs.dts
new file mode 100644
index 0000000000..3db0a37f77
--- /dev/null
+++ b/tools/binman/test/226_pre_load_pkcs.dts
@@ -0,0 +1,23 @@
+// SPDX-License-Identifier: GPL-2.0+
+
+/dts-v1/;
+
+/ {
+ #address-cells = <1>;
+ #size-cells = <1>;
+
+ binman {
+ pre-load {
+ content = <&image>;
+ algo-name = "sha256,rsa2048";
+ padding-name = "pkcs-1.5";
+ key-name = "tools/binman/test/225_dev.key";
+ header-size = <4096>;
+ version = <0x11223344>;
+ };
+
+ image: blob-ext {
+ filename = "refcode.bin";
+ };
+ };
+};
diff --git a/tools/binman/test/227_pre_load_pss.dts b/tools/binman/test/227_pre_load_pss.dts
new file mode 100644
index 0000000000..b1b01d5ad5
--- /dev/null
+++ b/tools/binman/test/227_pre_load_pss.dts
@@ -0,0 +1,23 @@
+// SPDX-License-Identifier: GPL-2.0+
+
+/dts-v1/;
+
+/ {
+ #address-cells = <1>;
+ #size-cells = <1>;
+
+ binman {
+ pre-load {
+ content = <&image>;
+ algo-name = "sha256,rsa2048";
+ padding-name = "pss";
+ key-name = "tools/binman/test/225_dev.key";
+ header-size = <4096>;
+ version = <0x11223344>;
+ };
+
+ image: blob-ext {
+ filename = "refcode.bin";
+ };
+ };
+};
diff --git a/tools/binman/test/228_pre_load_invalid_padding.dts b/tools/binman/test/228_pre_load_invalid_padding.dts
new file mode 100644
index 0000000000..84fe289183
--- /dev/null
+++ b/tools/binman/test/228_pre_load_invalid_padding.dts
@@ -0,0 +1,23 @@
+// SPDX-License-Identifier: GPL-2.0+
+
+/dts-v1/;
+
+/ {
+ #address-cells = <1>;
+ #size-cells = <1>;
+
+ binman {
+ pre-load {
+ content = <&image>;
+ algo-name = "sha256,rsa2048";
+ padding-name = "padding";
+ key-name = "tools/binman/test/225_dev.key";
+ header-size = <4096>;
+ version = <1>;
+ };
+
+ image: blob-ext {
+ filename = "refcode.bin";
+ };
+ };
+};
diff --git a/tools/binman/test/229_pre_load_invalid_sha.dts b/tools/binman/test/229_pre_load_invalid_sha.dts
new file mode 100644
index 0000000000..a2b6725c89
--- /dev/null
+++ b/tools/binman/test/229_pre_load_invalid_sha.dts
@@ -0,0 +1,23 @@
+// SPDX-License-Identifier: GPL-2.0+
+
+/dts-v1/;
+
+/ {
+ #address-cells = <1>;
+ #size-cells = <1>;
+
+ binman {
+ pre-load {
+ content = <&image>;
+ algo-name = "sha2560,rsa2048";
+ padding-name = "pkcs-1.5";
+ key-name = "tools/binman/test/225_dev.key";
+ header-size = <4096>;
+ version = <1>;
+ };
+
+ image: blob-ext {
+ filename = "refcode.bin";
+ };
+ };
+};
diff --git a/tools/binman/test/230_pre_load_invalid_algo.dts b/tools/binman/test/230_pre_load_invalid_algo.dts
new file mode 100644
index 0000000000..34c8d34f15
--- /dev/null
+++ b/tools/binman/test/230_pre_load_invalid_algo.dts
@@ -0,0 +1,23 @@
+// SPDX-License-Identifier: GPL-2.0+
+
+/dts-v1/;
+
+/ {
+ #address-cells = <1>;
+ #size-cells = <1>;
+
+ binman {
+ pre-load {
+ content = <&image>;
+ algo-name = "sha256,rsa20480";
+ padding-name = "pkcs-1.5";
+ key-name = "tools/binman/test/225_dev.key";
+ header-size = <4096>;
+ version = <1>;
+ };
+
+ image: blob-ext {
+ filename = "refcode.bin";
+ };
+ };
+};
diff --git a/tools/binman/test/231_pre_load_invalid_key.dts b/tools/binman/test/231_pre_load_invalid_key.dts
new file mode 100644
index 0000000000..08d5a75ddf
--- /dev/null
+++ b/tools/binman/test/231_pre_load_invalid_key.dts
@@ -0,0 +1,23 @@
+// SPDX-License-Identifier: GPL-2.0+
+
+/dts-v1/;
+
+/ {
+ #address-cells = <1>;
+ #size-cells = <1>;
+
+ binman {
+ pre-load {
+ content = <&image>;
+ algo-name = "sha256,rsa4096";
+ padding-name = "pkcs-1.5";
+ key-name = "tools/binman/test/225_dev.key";
+ header-size = <4096>;
+ version = <1>;
+ };
+
+ image: blob-ext {
+ filename = "refcode.bin";
+ };
+ };
+};
diff --git a/tools/fit_image.c b/tools/fit_image.c
index 15f7c82d61..1884a2eb0b 100644
--- a/tools/fit_image.c
+++ b/tools/fit_image.c
@@ -59,6 +59,9 @@ static int fit_add_file_data(struct image_tool_params *params, size_t size_inc,
ret = fit_set_timestamp(ptr, 0, time);
}
+ if (!ret)
+ ret = fit_pre_load_data(params->keydir, dest_blob, ptr);
+
if (!ret) {
ret = fit_cipher_data(params->keydir, dest_blob, ptr,
params->comment,
diff --git a/tools/image-host.c b/tools/image-host.c
index eaeb76545c..ab6f756cf1 100644
--- a/tools/image-host.c
+++ b/tools/image-host.c
@@ -14,6 +14,11 @@
#include <image.h>
#include <version.h>
+#include <openssl/pem.h>
+#include <openssl/evp.h>
+
+#define IMAGE_PRE_LOAD_PATH "/image/pre-load/sig"
+
/**
* fit_set_hash_value - set hash value in requested has node
* @fit: pointer to the FIT format image header
@@ -1111,6 +1116,115 @@ static int fit_config_add_verification_data(const char *keydir,
return 0;
}
+/*
+ * 0) open file (open)
+ * 1) read certificate (PEM_read_X509)
+ * 2) get public key (X509_get_pubkey)
+ * 3) provide der format (d2i_RSAPublicKey)
+ */
+static int read_pub_key(const char *keydir, const void *name,
+ unsigned char **pubkey, int *pubkey_len)
+{
+ char path[1024];
+ EVP_PKEY *key = NULL;
+ X509 *cert;
+ FILE *f;
+ int ret;
+
+ memset(path, 0, 1024);
+ snprintf(path, sizeof(path), "%s/%s.crt", keydir, (char *)name);
+
+ /* Open certificate file */
+ f = fopen(path, "r");
+ if (!f) {
+ fprintf(stderr, "Couldn't open RSA certificate: '%s': %s\n",
+ path, strerror(errno));
+ return -EACCES;
+ }
+
+ /* Read the certificate */
+ cert = NULL;
+ if (!PEM_read_X509(f, &cert, NULL, NULL)) {
+ printf("Couldn't read certificate");
+ ret = -EINVAL;
+ goto err_cert;
+ }
+
+ /* Get the public key from the certificate. */
+ key = X509_get_pubkey(cert);
+ if (!key) {
+ printf("Couldn't read public key\n");
+ ret = -EINVAL;
+ goto err_pubkey;
+ }
+
+ /* Get DER form */
+ ret = i2d_PublicKey(key, pubkey);
+ if (ret < 0) {
+ printf("Couldn't get DER form\n");
+ ret = -EINVAL;
+ goto err_pubkey;
+ }
+
+ *pubkey_len = ret;
+ ret = 0;
+
+err_pubkey:
+ X509_free(cert);
+err_cert:
+ fclose(f);
+ return ret;
+}
+
+int fit_pre_load_data(const char *keydir, void *keydest, void *fit)
+{
+ int pre_load_noffset;
+ const void *algo_name;
+ const void *key_name;
+ unsigned char *pubkey = NULL;
+ int ret, pubkey_len;
+
+ if (!keydir || !keydest || !fit)
+ return 0;
+
+ /* Search node pre-load sig */
+ pre_load_noffset = fdt_path_offset(keydest, IMAGE_PRE_LOAD_PATH);
+ if (pre_load_noffset < 0) {
+ ret = 0;
+ goto out;
+ }
+
+ algo_name = fdt_getprop(keydest, pre_load_noffset, "algo-name", NULL);
+ key_name = fdt_getprop(keydest, pre_load_noffset, "key-name", NULL);
+
+ /* Check that all mandatory properties are present */
+ if (!algo_name || !key_name) {
+ if (!algo_name)
+ printf("The property algo-name is missing in the node %s\n",
+ IMAGE_PRE_LOAD_PATH);
+ if (!key_name)
+ printf("The property key-name is missing in the node %s\n",
+ IMAGE_PRE_LOAD_PATH);
+ ret = -ENODATA;
+ goto out;
+ }
+
+ /* Read public key */
+ ret = read_pub_key(keydir, key_name, &pubkey, &pubkey_len);
+ if (ret < 0)
+ goto out;
+
+ /* Add the public key to the device tree */
+ ret = fdt_setprop(keydest, pre_load_noffset, "public-key",
+ pubkey, pubkey_len);
+ if (ret)
+ printf("Can't set public-key in node %s (ret = %d)\n",
+ IMAGE_PRE_LOAD_PATH, ret);
+
+ out:
+ return ret;
+}
+
int fit_cipher_data(const char *keydir, void *keydest, void *fit,
const char *comment, int require_keys,
const char *engine_id, const char *cmdname)
diff --git a/tools/imagetool.h b/tools/imagetool.h
index 5169b0245d..05dd94d108 100644
--- a/tools/imagetool.h
+++ b/tools/imagetool.h
@@ -53,6 +53,7 @@ struct image_tool_params {
int pflag;
int vflag;
int xflag;
+ int Aflag;
int skipcpy;
int os;
int arch;
diff --git a/tools/mkimage.c b/tools/mkimage.c
index 74bd072832..b46216fdc5 100644
--- a/tools/mkimage.c
+++ b/tools/mkimage.c
@@ -172,6 +172,7 @@ static void process_args(int argc, char **argv)
show_valid_options(IH_ARCH);
usage("Invalid architecture");
}
+ params.Aflag = 1;
break;
case 'b':
if (add_content(IH_TYPE_FLATDT, optarg)) {
diff --git a/tools/sunxi_egon.c b/tools/sunxi_egon.c
index d1398c07fb..d45b6f5e43 100644
--- a/tools/sunxi_egon.c
+++ b/tools/sunxi_egon.c
@@ -15,9 +15,29 @@
#define PAD_SIZE 8192
#define PAD_SIZE_MIN 512
+static int egon_get_arch(struct image_tool_params *params)
+{
+ if (params->Aflag)
+ return params->arch;
+
+ /* For compatibility, assume ARM when no architecture specified */
+ return IH_ARCH_ARM;
+}
+
static int egon_check_params(struct image_tool_params *params)
{
- /* We just need a binary image file. */
+ /*
+ * Check whether the architecture is supported.
+ */
+ switch (egon_get_arch(params)) {
+ case IH_ARCH_ARM:
+ case IH_ARCH_RISCV:
+ break;
+ default:
+ return EXIT_FAILURE;
+ }
+
+ /* We need a binary image file. */
return !params->dflag;
}
@@ -27,9 +47,22 @@ static int egon_verify_header(unsigned char *ptr, int image_size,
const struct boot_file_head *header = (void *)ptr;
uint32_t length;
- /* First 4 bytes must be an ARM branch instruction. */
- if ((le32_to_cpu(header->b_instruction) & 0xff000000) != 0xea000000)
- return EXIT_FAILURE;
+ /*
+ * First 4 bytes must be a branch instruction of the corresponding
+ * architecture.
+ */
+ switch (egon_get_arch(params)) {
+ case IH_ARCH_ARM:
+ if ((le32_to_cpu(header->b_instruction) & 0xff000000) != 0xea000000)
+ return EXIT_FAILURE;
+ break;
+ case IH_ARCH_RISCV:
+ if ((le32_to_cpu(header->b_instruction) & 0x00000fff) != 0x0000006f)
+ return EXIT_FAILURE;
+ break;
+ default:
+ return EXIT_FAILURE; /* Unknown architecture */
+ }
if (memcmp(header->magic, BOOT0_MAGIC, sizeof(header->magic)))
return EXIT_FAILURE;
@@ -78,9 +111,35 @@ static void egon_set_header(void *buf, struct stat *sbuf, int infd,
uint32_t checksum = 0, value;
int i;
- /* Generate an ARM branch instruction to jump over the header. */
- value = 0xea000000 | (sizeof(struct boot_file_head) / 4 - 2);
- header->b_instruction = cpu_to_le32(value);
+ /*
+ * Different architectures need different first instruction to
+ * branch to the body.
+ */
+ switch (egon_get_arch(params)) {
+ case IH_ARCH_ARM:
+ /* Generate an ARM branch instruction to jump over the header. */
+ value = 0xea000000 | (sizeof(struct boot_file_head) / 4 - 2);
+ header->b_instruction = cpu_to_le32(value);
+ break;
+ case IH_ARCH_RISCV:
+ /*
+ * Generate a RISC-V JAL instruction with rd=x0
+ * (pseudo instruction J, jump without side effects).
+ *
+ * The following weird bit operation maps imm[20]
+ * to inst[31], imm[10:1] to inst[30:21],
+ * imm[11] to inst[20], imm[19:12] to inst[19:12],
+ * and imm[0] is dropped (because 1-byte RISC-V instruction
+ * is not allowed).
+ */
+ value = 0x0000006f |
+ ((sizeof(struct boot_file_head) & 0x00100000) << 11) |
+ ((sizeof(struct boot_file_head) & 0x000007fe) << 20) |
+ ((sizeof(struct boot_file_head) & 0x00000800) << 9) |
+ ((sizeof(struct boot_file_head) & 0x000ff000) << 0);
+ header->b_instruction = cpu_to_le32(value);
+ break;
+ }
memcpy(header->magic, BOOT0_MAGIC, sizeof(header->magic));
header->check_sum = cpu_to_le32(BROM_STAMP_VALUE);
diff --git a/tools/sunxi_toc0.c b/tools/sunxi_toc0.c
new file mode 100644
index 0000000000..58a6e7a0a1
--- /dev/null
+++ b/tools/sunxi_toc0.c
@@ -0,0 +1,907 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * (C) Copyright 2018 Arm Ltd.
+ * (C) Copyright 2020-2021 Samuel Holland <samuel@sholland.org>
+ */
+
+#include <assert.h>
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <openssl/asn1t.h>
+#include <openssl/pem.h>
+#include <openssl/rsa.h>
+
+#include <image.h>
+#include <sunxi_image.h>
+
+#include "imagetool.h"
+#include "mkimage.h"
+
+/*
+ * NAND requires 8K padding. For other devices, BROM requires only
+ * 512B padding, but let's use the larger padding to cover everything.
+ */
+#define PAD_SIZE 8192
+
+#define pr_fmt(fmt) "mkimage (TOC0): %s: " fmt
+#define pr_err(fmt, args...) fprintf(stderr, pr_fmt(fmt), "error", ##args)
+#define pr_warn(fmt, args...) fprintf(stderr, pr_fmt(fmt), "warning", ##args)
+#define pr_info(fmt, args...) fprintf(stderr, pr_fmt(fmt), "info", ##args)
+
+struct __packed toc0_key_item {
+ __le32 vendor_id;
+ __le32 key0_n_len;
+ __le32 key0_e_len;
+ __le32 key1_n_len;
+ __le32 key1_e_len;
+ __le32 sig_len;
+ uint8_t key0[512];
+ uint8_t key1[512];
+ uint8_t reserved[32];
+ uint8_t sig[256];
+};
+
+/*
+ * This looks somewhat like an X.509 certificate, but it is not valid BER.
+ *
+ * Some differences:
+ * - Some X.509 certificate fields are missing or rearranged.
+ * - Some sequences have the wrong tag.
+ * - Zero-length sequences are accepted.
+ * - Large strings and integers must be an even number of bytes long.
+ * - Positive integers are not zero-extended to maintain their sign.
+ *
+ * See https://linux-sunxi.org/TOC0 for more information.
+ */
+struct __packed toc0_small_tag {
+ uint8_t tag;
+ uint8_t length;
+};
+
+typedef struct toc0_small_tag toc0_small_int;
+typedef struct toc0_small_tag toc0_small_oct;
+typedef struct toc0_small_tag toc0_small_seq;
+typedef struct toc0_small_tag toc0_small_exp;
+
+#define TOC0_SMALL_INT(len) { 0x02, (len) }
+#define TOC0_SMALL_SEQ(len) { 0x30, (len) }
+#define TOC0_SMALL_EXP(tag, len) { 0xa0 | (tag), len }
+
+struct __packed toc0_large_tag {
+ uint8_t tag;
+ uint8_t prefix;
+ uint8_t length_hi;
+ uint8_t length_lo;
+};
+
+typedef struct toc0_large_tag toc0_large_int;
+typedef struct toc0_large_tag toc0_large_bit;
+typedef struct toc0_large_tag toc0_large_seq;
+
+#define TOC0_LARGE_INT(len) { 0x02, 0x82, (len) >> 8, (len) & 0xff }
+#define TOC0_LARGE_BIT(len) { 0x03, 0x82, (len) >> 8, (len) & 0xff }
+#define TOC0_LARGE_SEQ(len) { 0x30, 0x82, (len) >> 8, (len) & 0xff }
+
+struct __packed toc0_cert_item {
+ toc0_large_seq tag_totalSequence;
+ struct __packed toc0_totalSequence {
+ toc0_large_seq tag_mainSequence;
+ struct __packed toc0_mainSequence {
+ toc0_small_exp tag_explicit0;
+ struct __packed toc0_explicit0 {
+ toc0_small_int tag_version;
+ uint8_t version;
+ } explicit0;
+ toc0_small_int tag_serialNumber;
+ uint8_t serialNumber;
+ toc0_small_seq tag_signature;
+ toc0_small_seq tag_issuer;
+ toc0_small_seq tag_validity;
+ toc0_small_seq tag_subject;
+ toc0_large_seq tag_subjectPublicKeyInfo;
+ struct __packed toc0_subjectPublicKeyInfo {
+ toc0_small_seq tag_algorithm;
+ toc0_large_seq tag_publicKey;
+ struct __packed toc0_publicKey {
+ toc0_large_int tag_n;
+ uint8_t n[256];
+ toc0_small_int tag_e;
+ uint8_t e[3];
+ } publicKey;
+ } subjectPublicKeyInfo;
+ toc0_small_exp tag_explicit3;
+ struct __packed toc0_explicit3 {
+ toc0_small_seq tag_extension;
+ struct __packed toc0_extension {
+ toc0_small_int tag_digest;
+ uint8_t digest[32];
+ } extension;
+ } explicit3;
+ } mainSequence;
+ toc0_large_bit tag_sigSequence;
+ struct __packed toc0_sigSequence {
+ toc0_small_seq tag_algorithm;
+ toc0_large_bit tag_signature;
+ uint8_t signature[256];
+ } sigSequence;
+ } totalSequence;
+};
+
+#define sizeof_field(TYPE, MEMBER) sizeof((((TYPE *)0)->MEMBER))
+
+static const struct toc0_cert_item cert_item_template = {
+ TOC0_LARGE_SEQ(sizeof(struct toc0_totalSequence)),
+ {
+ TOC0_LARGE_SEQ(sizeof(struct toc0_mainSequence)),
+ {
+ TOC0_SMALL_EXP(0, sizeof(struct toc0_explicit0)),
+ {
+ TOC0_SMALL_INT(sizeof_field(struct toc0_explicit0, version)),
+ 0,
+ },
+ TOC0_SMALL_INT(sizeof_field(struct toc0_mainSequence, serialNumber)),
+ 0,
+ TOC0_SMALL_SEQ(0),
+ TOC0_SMALL_SEQ(0),
+ TOC0_SMALL_SEQ(0),
+ TOC0_SMALL_SEQ(0),
+ TOC0_LARGE_SEQ(sizeof(struct toc0_subjectPublicKeyInfo)),
+ {
+ TOC0_SMALL_SEQ(0),
+ TOC0_LARGE_SEQ(sizeof(struct toc0_publicKey)),
+ {
+ TOC0_LARGE_INT(sizeof_field(struct toc0_publicKey, n)),
+ {},
+ TOC0_SMALL_INT(sizeof_field(struct toc0_publicKey, e)),
+ {},
+ },
+ },
+ TOC0_SMALL_EXP(3, sizeof(struct toc0_explicit3)),
+ {
+ TOC0_SMALL_SEQ(sizeof(struct toc0_extension)),
+ {
+ TOC0_SMALL_INT(sizeof_field(struct toc0_extension, digest)),
+ {},
+ },
+ },
+ },
+ TOC0_LARGE_BIT(sizeof(struct toc0_sigSequence)),
+ {
+ TOC0_SMALL_SEQ(0),
+ TOC0_LARGE_BIT(sizeof_field(struct toc0_sigSequence, signature)),
+ {},
+ },
+ },
+};
+
+#define TOC0_DEFAULT_NUM_ITEMS 3
+#define TOC0_DEFAULT_HEADER_LEN \
+ ALIGN( \
+ sizeof(struct toc0_main_info) + \
+ sizeof(struct toc0_item_info) * TOC0_DEFAULT_NUM_ITEMS + \
+ sizeof(struct toc0_cert_item) + \
+ sizeof(struct toc0_key_item), \
+ 32)
+
+static char *fw_key_file = "fw_key.pem";
+static char *key_item_file = "key_item.bin";
+static char *root_key_file = "root_key.pem";
+
+/*
+ * Create a key item in @buf, containing the public keys @root_key and @fw_key,
+ * and signed by the RSA key @root_key.
+ */
+static int toc0_create_key_item(uint8_t *buf, uint32_t *len,
+ RSA *root_key, RSA *fw_key)
+{
+ struct toc0_key_item *key_item = (void *)buf;
+ uint8_t digest[SHA256_DIGEST_LENGTH];
+ int ret = EXIT_FAILURE;
+ unsigned int sig_len;
+ int n_len, e_len;
+
+ /* Store key 0. */
+ n_len = BN_bn2bin(RSA_get0_n(root_key), key_item->key0);
+ e_len = BN_bn2bin(RSA_get0_e(root_key), key_item->key0 + n_len);
+ if (n_len + e_len > sizeof(key_item->key0)) {
+ pr_err("Root key is too big for key item\n");
+ goto err;
+ }
+ key_item->key0_n_len = cpu_to_le32(n_len);
+ key_item->key0_e_len = cpu_to_le32(e_len);
+
+ /* Store key 1. */
+ n_len = BN_bn2bin(RSA_get0_n(fw_key), key_item->key1);
+ e_len = BN_bn2bin(RSA_get0_e(fw_key), key_item->key1 + n_len);
+ if (n_len + e_len > sizeof(key_item->key1)) {
+ pr_err("Firmware key is too big for key item\n");
+ goto err;
+ }
+ key_item->key1_n_len = cpu_to_le32(n_len);
+ key_item->key1_e_len = cpu_to_le32(e_len);
+
+ /* Sign the key item. */
+ key_item->sig_len = cpu_to_le32(RSA_size(root_key));
+ SHA256(buf, key_item->sig - buf, digest);
+ if (!RSA_sign(NID_sha256, digest, sizeof(digest),
+ key_item->sig, &sig_len, root_key)) {
+ pr_err("Failed to sign key item\n");
+ goto err;
+ }
+ if (sig_len != sizeof(key_item->sig)) {
+ pr_err("Bad key item signature length\n");
+ goto err;
+ }
+
+ *len = sizeof(*key_item);
+ ret = EXIT_SUCCESS;
+
+err:
+ return ret;
+}
+
+/*
+ * Verify the key item in @buf, containing two public keys @key0 and @key1,
+ * and signed by the RSA key @key0. If @root_key is provided, only signatures
+ * by that key will be accepted. @key1 is returned in @key.
+ */
+static int toc0_verify_key_item(const uint8_t *buf, uint32_t len,
+ RSA *root_key, RSA **fw_key)
+{
+ struct toc0_key_item *key_item = (void *)buf;
+ uint8_t digest[SHA256_DIGEST_LENGTH];
+ int ret = EXIT_FAILURE;
+ int n_len, e_len;
+ RSA *key0 = NULL;
+ RSA *key1 = NULL;
+ BIGNUM *n, *e;
+
+ if (len < sizeof(*key_item))
+ goto err;
+
+ /* Load key 0. */
+ n_len = le32_to_cpu(key_item->key0_n_len);
+ e_len = le32_to_cpu(key_item->key0_e_len);
+ if (n_len + e_len > sizeof(key_item->key0)) {
+ pr_err("Bad root key size in key item\n");
+ goto err;
+ }
+ n = BN_bin2bn(key_item->key0, n_len, NULL);
+ e = BN_bin2bn(key_item->key0 + n_len, e_len, NULL);
+ key0 = RSA_new();
+ if (!key0)
+ goto err;
+ if (!RSA_set0_key(key0, n, e, NULL))
+ goto err;
+
+ /* If a root key was provided, compare it to key 0. */
+ if (root_key && (BN_cmp(n, RSA_get0_n(root_key)) ||
+ BN_cmp(e, RSA_get0_e(root_key)))) {
+ pr_err("Wrong root key in key item\n");
+ goto err;
+ }
+
+ /* Verify the key item signature. */
+ SHA256(buf, key_item->sig - buf, digest);
+ if (!RSA_verify(NID_sha256, digest, sizeof(digest),
+ key_item->sig, le32_to_cpu(key_item->sig_len), key0)) {
+ pr_err("Bad key item signature\n");
+ goto err;
+ }
+
+ if (fw_key) {
+ /* Load key 1. */
+ n_len = le32_to_cpu(key_item->key1_n_len);
+ e_len = le32_to_cpu(key_item->key1_e_len);
+ if (n_len + e_len > sizeof(key_item->key1)) {
+ pr_err("Bad firmware key size in key item\n");
+ goto err;
+ }
+ n = BN_bin2bn(key_item->key1, n_len, NULL);
+ e = BN_bin2bn(key_item->key1 + n_len, e_len, NULL);
+ key1 = RSA_new();
+ if (!key1)
+ goto err;
+ if (!RSA_set0_key(key1, n, e, NULL))
+ goto err;
+
+ if (*fw_key) {
+ /* If a FW key was provided, compare it to key 1. */
+ if (BN_cmp(n, RSA_get0_n(*fw_key)) ||
+ BN_cmp(e, RSA_get0_e(*fw_key))) {
+ pr_err("Wrong firmware key in key item\n");
+ goto err;
+ }
+ } else {
+ /* Otherwise, send key1 back to the caller. */
+ *fw_key = key1;
+ key1 = NULL;
+ }
+ }
+
+ ret = EXIT_SUCCESS;
+
+err:
+ RSA_free(key0);
+ RSA_free(key1);
+
+ return ret;
+}
+
+/*
+ * Create a certificate in @buf, describing the firmware with SHA256 digest
+ * @digest, and signed by the RSA key @fw_key.
+ */
+static int toc0_create_cert_item(uint8_t *buf, uint32_t *len, RSA *fw_key,
+ uint8_t digest[static SHA256_DIGEST_LENGTH])
+{
+ struct toc0_cert_item *cert_item = (void *)buf;
+ uint8_t cert_digest[SHA256_DIGEST_LENGTH];
+ struct toc0_totalSequence *totalSequence;
+ struct toc0_sigSequence *sigSequence;
+ struct toc0_extension *extension;
+ struct toc0_publicKey *publicKey;
+ int ret = EXIT_FAILURE;
+ unsigned int sig_len;
+
+ memcpy(cert_item, &cert_item_template, sizeof(*cert_item));
+ *len = sizeof(*cert_item);
+
+ /*
+ * Fill in the public key.
+ *
+ * Only 2048-bit RSA keys are supported. Since this uses a fixed-size
+ * structure, it may fail for non-standard exponents.
+ */
+ totalSequence = &cert_item->totalSequence;
+ publicKey = &totalSequence->mainSequence.subjectPublicKeyInfo.publicKey;
+ if (BN_bn2binpad(RSA_get0_n(fw_key), publicKey->n, sizeof(publicKey->n)) < 0 ||
+ BN_bn2binpad(RSA_get0_e(fw_key), publicKey->e, sizeof(publicKey->e)) < 0) {
+ pr_err("Firmware key is too big for certificate\n");
+ goto err;
+ }
+
+ /* Fill in the firmware digest. */
+ extension = &totalSequence->mainSequence.explicit3.extension;
+ memcpy(&extension->digest, digest, SHA256_DIGEST_LENGTH);
+
+ /*
+ * Sign the certificate.
+ *
+ * In older SBROM versions (and by default in newer versions),
+ * the last 4 bytes of the certificate are not signed.
+ *
+ * (The buffer passed to SHA256 starts at tag_mainSequence, but
+ * the buffer size does not include the length of that tag.)
+ */
+ SHA256((uint8_t *)totalSequence, sizeof(struct toc0_mainSequence), cert_digest);
+ sigSequence = &totalSequence->sigSequence;
+ if (!RSA_sign(NID_sha256, cert_digest, SHA256_DIGEST_LENGTH,
+ sigSequence->signature, &sig_len, fw_key)) {
+ pr_err("Failed to sign certificate\n");
+ goto err;
+ }
+ if (sig_len != sizeof(sigSequence->signature)) {
+ pr_err("Bad certificate signature length\n");
+ goto err;
+ }
+
+ ret = EXIT_SUCCESS;
+
+err:
+ return ret;
+}
+
+/*
+ * Verify the certificate in @buf, describing the firmware with SHA256 digest
+ * @digest, and signed by the RSA key contained within. If @fw_key is provided,
+ * only that key will be accepted.
+ *
+ * This function is only expected to work with images created by mkimage.
+ */
+static int toc0_verify_cert_item(const uint8_t *buf, uint32_t len, RSA *fw_key,
+ uint8_t digest[static SHA256_DIGEST_LENGTH])
+{
+ const struct toc0_cert_item *cert_item = (const void *)buf;
+ uint8_t cert_digest[SHA256_DIGEST_LENGTH];
+ const struct toc0_totalSequence *totalSequence;
+ const struct toc0_sigSequence *sigSequence;
+ const struct toc0_extension *extension;
+ const struct toc0_publicKey *publicKey;
+ int ret = EXIT_FAILURE;
+ RSA *key = NULL;
+ BIGNUM *n, *e;
+
+ /* Extract the public key from the certificate. */
+ totalSequence = &cert_item->totalSequence;
+ publicKey = &totalSequence->mainSequence.subjectPublicKeyInfo.publicKey;
+ n = BN_bin2bn(publicKey->n, sizeof(publicKey->n), NULL);
+ e = BN_bin2bn(publicKey->e, sizeof(publicKey->e), NULL);
+ key = RSA_new();
+ if (!key)
+ goto err;
+ if (!RSA_set0_key(key, n, e, NULL))
+ goto err;
+
+ /* If a key was provided, compare it to the embedded key. */
+ if (fw_key && (BN_cmp(RSA_get0_n(key), RSA_get0_n(fw_key)) ||
+ BN_cmp(RSA_get0_e(key), RSA_get0_e(fw_key)))) {
+ pr_err("Wrong firmware key in certificate\n");
+ goto err;
+ }
+
+ /* If a digest was provided, compare it to the embedded digest. */
+ extension = &totalSequence->mainSequence.explicit3.extension;
+ if (digest && memcmp(&extension->digest, digest, SHA256_DIGEST_LENGTH)) {
+ pr_err("Wrong firmware digest in certificate\n");
+ goto err;
+ }
+
+ /* Verify the certificate's signature. See the comment above. */
+ SHA256((uint8_t *)totalSequence, sizeof(struct toc0_mainSequence), cert_digest);
+ sigSequence = &totalSequence->sigSequence;
+ if (!RSA_verify(NID_sha256, cert_digest, SHA256_DIGEST_LENGTH,
+ sigSequence->signature,
+ sizeof(sigSequence->signature), key)) {
+ pr_err("Bad certificate signature\n");
+ goto err;
+ }
+
+ ret = EXIT_SUCCESS;
+
+err:
+ RSA_free(key);
+
+ return ret;
+}
+
+/*
+ * Always create a TOC0 containing 3 items. The extra item will be ignored on
+ * SoCs which do not support it.
+ */
+static int toc0_create(uint8_t *buf, uint32_t len, RSA *root_key, RSA *fw_key,
+ uint8_t *key_item, uint32_t key_item_len,
+ uint8_t *fw_item, uint32_t fw_item_len, uint32_t fw_addr)
+{
+ struct toc0_main_info *main_info = (void *)buf;
+ struct toc0_item_info *item_info = (void *)(main_info + 1);
+ uint8_t digest[SHA256_DIGEST_LENGTH];
+ uint32_t *buf32 = (void *)buf;
+ RSA *orig_fw_key = fw_key;
+ int ret = EXIT_FAILURE;
+ uint32_t checksum = 0;
+ uint32_t item_offset;
+ uint32_t item_length;
+ int i;
+
+ /* Hash the firmware for inclusion in the certificate. */
+ SHA256(fw_item, fw_item_len, digest);
+
+ /* Create the main TOC0 header, containing three items. */
+ memcpy(main_info->name, TOC0_MAIN_INFO_NAME, sizeof(main_info->name));
+ main_info->magic = cpu_to_le32(TOC0_MAIN_INFO_MAGIC);
+ main_info->checksum = cpu_to_le32(BROM_STAMP_VALUE);
+ main_info->num_items = cpu_to_le32(TOC0_DEFAULT_NUM_ITEMS);
+ memcpy(main_info->end, TOC0_MAIN_INFO_END, sizeof(main_info->end));
+
+ /* The first item links the ROTPK to the signing key. */
+ item_offset = sizeof(*main_info) +
+ sizeof(*item_info) * TOC0_DEFAULT_NUM_ITEMS;
+ /* Using an existing key item avoids needing the root private key. */
+ if (key_item) {
+ item_length = sizeof(*key_item);
+ if (toc0_verify_key_item(key_item, item_length,
+ root_key, &fw_key))
+ goto err;
+ memcpy(buf + item_offset, key_item, item_length);
+ } else if (toc0_create_key_item(buf + item_offset, &item_length,
+ root_key, fw_key)) {
+ goto err;
+ }
+
+ item_info->name = cpu_to_le32(TOC0_ITEM_INFO_NAME_KEY);
+ item_info->offset = cpu_to_le32(item_offset);
+ item_info->length = cpu_to_le32(item_length);
+ memcpy(item_info->end, TOC0_ITEM_INFO_END, sizeof(item_info->end));
+
+ /* The second item contains a certificate signed by the firmware key. */
+ item_offset = item_offset + item_length;
+ if (toc0_create_cert_item(buf + item_offset, &item_length,
+ fw_key, digest))
+ goto err;
+
+ item_info++;
+ item_info->name = cpu_to_le32(TOC0_ITEM_INFO_NAME_CERT);
+ item_info->offset = cpu_to_le32(item_offset);
+ item_info->length = cpu_to_le32(item_length);
+ memcpy(item_info->end, TOC0_ITEM_INFO_END, sizeof(item_info->end));
+
+ /* The third item contains the actual boot code. */
+ item_offset = ALIGN(item_offset + item_length, 32);
+ item_length = fw_item_len;
+ if (buf + item_offset != fw_item)
+ memmove(buf + item_offset, fw_item, item_length);
+
+ item_info++;
+ item_info->name = cpu_to_le32(TOC0_ITEM_INFO_NAME_FIRMWARE);
+ item_info->offset = cpu_to_le32(item_offset);
+ item_info->length = cpu_to_le32(item_length);
+ item_info->load_addr = cpu_to_le32(fw_addr);
+ memcpy(item_info->end, TOC0_ITEM_INFO_END, sizeof(item_info->end));
+
+ /* Pad to the required block size with 0xff to be flash-friendly. */
+ item_offset = item_offset + item_length;
+ item_length = ALIGN(item_offset, PAD_SIZE) - item_offset;
+ memset(buf + item_offset, 0xff, item_length);
+
+ /* Fill in the total padded file length. */
+ item_offset = item_offset + item_length;
+ main_info->length = cpu_to_le32(item_offset);
+
+ /* Verify enough space was provided when creating the image. */
+ assert(len >= item_offset);
+
+ /* Calculate the checksum. Yes, it's that simple. */
+ for (i = 0; i < item_offset / 4; ++i)
+ checksum += le32_to_cpu(buf32[i]);
+ main_info->checksum = cpu_to_le32(checksum);
+
+ ret = EXIT_SUCCESS;
+
+err:
+ if (fw_key != orig_fw_key)
+ RSA_free(fw_key);
+
+ return ret;
+}
+
+static const struct toc0_item_info *
+toc0_find_item(const struct toc0_main_info *main_info, uint32_t name,
+ uint32_t *offset, uint32_t *length)
+{
+ const struct toc0_item_info *item_info = (void *)(main_info + 1);
+ uint32_t item_offset, item_length;
+ uint32_t num_items, main_length;
+ int i;
+
+ num_items = le32_to_cpu(main_info->num_items);
+ main_length = le32_to_cpu(main_info->length);
+
+ for (i = 0; i < num_items; ++i, ++item_info) {
+ if (le32_to_cpu(item_info->name) != name)
+ continue;
+
+ item_offset = le32_to_cpu(item_info->offset);
+ item_length = le32_to_cpu(item_info->length);
+
+ if (item_offset > main_length ||
+ item_length > main_length - item_offset)
+ continue;
+
+ *offset = item_offset;
+ *length = item_length;
+
+ return item_info;
+ }
+
+ return NULL;
+}
+
+static int toc0_verify(const uint8_t *buf, uint32_t len, RSA *root_key)
+{
+ const struct toc0_main_info *main_info = (void *)buf;
+ const struct toc0_item_info *item_info;
+ uint8_t digest[SHA256_DIGEST_LENGTH];
+ uint32_t main_length = le32_to_cpu(main_info->length);
+ uint32_t checksum = BROM_STAMP_VALUE;
+ uint32_t *buf32 = (void *)buf;
+ uint32_t length, offset;
+ int ret = EXIT_FAILURE;
+ RSA *fw_key = NULL;
+ int i;
+
+ if (len < main_length)
+ goto err;
+
+ /* Verify the main header. */
+ if (memcmp(main_info->name, TOC0_MAIN_INFO_NAME, sizeof(main_info->name)))
+ goto err;
+ if (le32_to_cpu(main_info->magic) != TOC0_MAIN_INFO_MAGIC)
+ goto err;
+ /* Verify the checksum without modifying the buffer. */
+ for (i = 0; i < main_length / 4; ++i)
+ checksum += le32_to_cpu(buf32[i]);
+ if (checksum != 2 * le32_to_cpu(main_info->checksum))
+ goto err;
+ /* The length must be at least 512 byte aligned. */
+ if (main_length % 512)
+ goto err;
+ if (memcmp(main_info->end, TOC0_MAIN_INFO_END, sizeof(main_info->end)))
+ goto err;
+
+ /* Verify the key item if present (it is optional). */
+ item_info = toc0_find_item(main_info, TOC0_ITEM_INFO_NAME_KEY,
+ &offset, &length);
+ if (!item_info)
+ fw_key = root_key;
+ else if (toc0_verify_key_item(buf + offset, length, root_key, &fw_key))
+ goto err;
+
+ /* Hash the firmware to compare with the certificate. */
+ item_info = toc0_find_item(main_info, TOC0_ITEM_INFO_NAME_FIRMWARE,
+ &offset, &length);
+ if (!item_info) {
+ pr_err("Missing firmware item\n");
+ goto err;
+ }
+ SHA256(buf + offset, length, digest);
+
+ /* Verify the certificate item. */
+ item_info = toc0_find_item(main_info, TOC0_ITEM_INFO_NAME_CERT,
+ &offset, &length);
+ if (!item_info) {
+ pr_err("Missing certificate item\n");
+ goto err;
+ }
+ if (toc0_verify_cert_item(buf + offset, length, fw_key, digest))
+ goto err;
+
+ ret = EXIT_SUCCESS;
+
+err:
+ if (fw_key != root_key)
+ RSA_free(fw_key);
+
+ return ret;
+}
+
+static int toc0_check_params(struct image_tool_params *params)
+{
+ if (!params->dflag)
+ return -EINVAL;
+
+ /*
+ * If a key directory was provided, look for key files there.
+ * Otherwise, look for them in the current directory. The key files are
+ * the "quoted" terms in the description below.
+ *
+ * A summary of the chain of trust on most SoCs:
+ * 1) eFuse contains a SHA256 digest of the public "root key".
+ * 2) Private "root key" signs the certificate item (generated here).
+ * 3) Certificate item contains a SHA256 digest of the firmware item.
+ *
+ * A summary of the chain of trust on the H6 (by default; a bit in the
+ * BROM_CONFIG eFuse makes it work like above):
+ * 1) eFuse contains a SHA256 digest of the public "root key".
+ * 2) Private "root key" signs the "key item" (generated here).
+ * 3) "Key item" contains the public "root key" and public "fw key".
+ * 4) Private "fw key" signs the certificate item (generated here).
+ * 5) Certificate item contains a SHA256 digest of the firmware item.
+ *
+ * This means there are three valid ways to generate a TOC0:
+ * 1) Provide the private "root key" only. This works everywhere.
+ * For H6, the "root key" will also be used as the "fw key".
+ * 2) FOR H6 ONLY: Provide the private "root key" and a separate
+ * private "fw key".
+ * 3) FOR H6 ONLY: Provide the private "fw key" and a pre-existing
+ * "key item" containing the corresponding public "fw key".
+ * In this case, the private "root key" can be kept offline. The
+ * "key item" can be extracted from a TOC0 image generated using
+ * method #2 above.
+ *
+ * Note that until the ROTPK_HASH eFuse is programmed, any "root key"
+ * will be accepted by the BROM.
+ */
+ if (params->keydir) {
+ if (asprintf(&fw_key_file, "%s/%s", params->keydir, fw_key_file) < 0)
+ return -ENOMEM;
+ if (asprintf(&key_item_file, "%s/%s", params->keydir, key_item_file) < 0)
+ return -ENOMEM;
+ if (asprintf(&root_key_file, "%s/%s", params->keydir, root_key_file) < 0)
+ return -ENOMEM;
+ }
+
+ return 0;
+}
+
+static int toc0_verify_header(unsigned char *buf, int image_size,
+ struct image_tool_params *params)
+{
+ int ret = EXIT_FAILURE;
+ RSA *root_key = NULL;
+ FILE *fp;
+
+ /* A root public key is optional. */
+ fp = fopen(root_key_file, "rb");
+ if (fp) {
+ pr_info("Verifying image with existing root key\n");
+ root_key = PEM_read_RSAPrivateKey(fp, NULL, NULL, NULL);
+ if (!root_key)
+ root_key = PEM_read_RSAPublicKey(fp, NULL, NULL, NULL);
+ fclose(fp);
+ if (!root_key) {
+ pr_err("Failed to read public key from '%s'\n",
+ root_key_file);
+ goto err;
+ }
+ }
+
+ ret = toc0_verify(buf, image_size, root_key);
+
+err:
+ RSA_free(root_key);
+
+ return ret;
+}
+
+static const char *toc0_item_name(uint32_t name)
+{
+ if (name == TOC0_ITEM_INFO_NAME_CERT)
+ return "Certificate";
+ if (name == TOC0_ITEM_INFO_NAME_FIRMWARE)
+ return "Firmware";
+ if (name == TOC0_ITEM_INFO_NAME_KEY)
+ return "Key";
+ return "(unknown)";
+}
+
+static void toc0_print_header(const void *buf)
+{
+ const struct toc0_main_info *main_info = buf;
+ const struct toc0_item_info *item_info = (void *)(main_info + 1);
+ uint32_t head_length, main_length, num_items;
+ uint32_t item_offset, item_length, item_name;
+ int load_addr = -1;
+ int i;
+
+ num_items = le32_to_cpu(main_info->num_items);
+ head_length = sizeof(*main_info) + num_items * sizeof(*item_info);
+ main_length = le32_to_cpu(main_info->length);
+
+ printf("Allwinner TOC0 Image\n"
+ "Size: %d bytes\n"
+ "Contents: %d items\n"
+ " 00000000:%08x Headers\n",
+ main_length, num_items, head_length);
+
+ for (i = 0; i < num_items; ++i, ++item_info) {
+ item_offset = le32_to_cpu(item_info->offset);
+ item_length = le32_to_cpu(item_info->length);
+ item_name = le32_to_cpu(item_info->name);
+
+ if (item_name == TOC0_ITEM_INFO_NAME_FIRMWARE)
+ load_addr = le32_to_cpu(item_info->load_addr);
+
+ printf(" %08x:%08x %s\n",
+ item_offset, item_length,
+ toc0_item_name(item_name));
+ }
+
+ if (num_items && item_offset + item_length < main_length) {
+ item_offset = item_offset + item_length;
+ item_length = main_length - item_offset;
+
+ printf(" %08x:%08x Padding\n",
+ item_offset, item_length);
+ }
+
+ if (load_addr != -1)
+ printf("Load address: 0x%08x\n", load_addr);
+}
+
+static void toc0_set_header(void *buf, struct stat *sbuf, int ifd,
+ struct image_tool_params *params)
+{
+ uint32_t key_item_len = 0;
+ uint8_t *key_item = NULL;
+ int ret = EXIT_FAILURE;
+ RSA *root_key = NULL;
+ RSA *fw_key = NULL;
+ FILE *fp;
+
+ /* Either a key item or the root private key is required. */
+ fp = fopen(key_item_file, "rb");
+ if (fp) {
+ pr_info("Creating image using existing key item\n");
+ key_item_len = sizeof(struct toc0_key_item);
+ key_item = OPENSSL_malloc(key_item_len);
+ if (!key_item || fread(key_item, key_item_len, 1, fp) != 1) {
+ pr_err("Failed to read key item from '%s'\n",
+ root_key_file);
+ goto err;
+ }
+ fclose(fp);
+ fp = NULL;
+ }
+
+ fp = fopen(root_key_file, "rb");
+ if (fp) {
+ root_key = PEM_read_RSAPrivateKey(fp, NULL, NULL, NULL);
+ if (!root_key)
+ root_key = PEM_read_RSAPublicKey(fp, NULL, NULL, NULL);
+ fclose(fp);
+ fp = NULL;
+ }
+
+ /* When using an existing key item, the root key is optional. */
+ if (!key_item && (!root_key || !RSA_get0_d(root_key))) {
+ pr_err("Failed to read private key from '%s'\n",
+ root_key_file);
+ pr_info("Try 'openssl genrsa -out root_key.pem'\n");
+ goto err;
+ }
+
+ /* The certificate/firmware private key is always required. */
+ fp = fopen(fw_key_file, "rb");
+ if (fp) {
+ fw_key = PEM_read_RSAPrivateKey(fp, NULL, NULL, NULL);
+ fclose(fp);
+ fp = NULL;
+ }
+ if (!fw_key) {
+ /* If the root key is a private key, it can be used instead. */
+ if (root_key && RSA_get0_d(root_key)) {
+ pr_info("Using root key as firmware key\n");
+ fw_key = root_key;
+ } else {
+ pr_err("Failed to read private key from '%s'\n",
+ fw_key_file);
+ goto err;
+ }
+ }
+
+ /* Warn about potential compatibility issues. */
+ if (key_item || fw_key != root_key)
+ pr_warn("Only H6 supports separate root and firmware keys\n");
+
+ ret = toc0_create(buf, params->file_size, root_key, fw_key,
+ key_item, key_item_len,
+ buf + TOC0_DEFAULT_HEADER_LEN,
+ params->orig_file_size, params->addr);
+
+err:
+ OPENSSL_free(key_item);
+ OPENSSL_free(root_key);
+ if (fw_key != root_key)
+ OPENSSL_free(fw_key);
+ if (fp)
+ fclose(fp);
+
+ if (ret != EXIT_SUCCESS)
+ exit(ret);
+}
+
+static int toc0_check_image_type(uint8_t type)
+{
+ return type == IH_TYPE_SUNXI_TOC0 ? 0 : 1;
+}
+
+static int toc0_vrec_header(struct image_tool_params *params,
+ struct image_type_params *tparams)
+{
+ tparams->hdr = calloc(tparams->header_size, 1);
+
+ /* Save off the unpadded data size for SHA256 calculation. */
+ params->orig_file_size = params->file_size - TOC0_DEFAULT_HEADER_LEN;
+
+ /* Return padding to 8K blocks. */
+ return ALIGN(params->file_size, PAD_SIZE) - params->file_size;
+}
+
+U_BOOT_IMAGE_TYPE(
+ sunxi_toc0,
+ "Allwinner TOC0 Boot Image support",
+ TOC0_DEFAULT_HEADER_LEN,
+ NULL,
+ toc0_check_params,
+ toc0_verify_header,
+ toc0_print_header,
+ toc0_set_header,
+ NULL,
+ toc0_check_image_type,
+ NULL,
+ toc0_vrec_header
+);