This release:
- Ports RSA signature field operations to T124.
- Fixes some error handling.
- Fixes image update with small image file sizes.
Signed-off-by: Stephen Warren <swarren@nvidia.com>
The BCT size check assume a quiet large image, however if the image
doesn't contains a bootloader it won't be that large. Change the size
check to only read the minimum data needed to verify the BCT version
and get the size.
Signed-off-by: Alban Bedel <alban.bedel@avionic-design.de>
--
Changelog:
v2: * Add a comment to explain the value of NVBOOT_CONFIG_TABLE_SIZE_MIN
v3: * Only read the minimum data needed
Signed-off-by: Stephen Warren <swarren@nvidia.com>
get_bct_size_from_image() and read_bct_file() should return negative
error codes, so add the missing minus signs. Also fix the return value
check on get_bct_size_from_image(), a negative value indicate an error
not zero.
Signed-off-by: Alban Bedel <alban.bedel@avionic-design.de>
Signed-off-by: Stephen Warren <swarren@nvidia.com>
Create a release that adds rsa-pss signature support. Currently
it has only been tested on T210.
Signed-off-by: Jimmy Zhang <jimmzhang@nvidia.com>
Signed-off-by: Stephen Warren <swarren@nvidia.com>
sign.sh runs openssl and other linux utilities to generate rsa-pss
signatures for a prebuilt bootimage and then uses cbootimage option
--update to update bootimage's rsa signatures and rsa modulus.
Syntax: sign.sh <bootimage> <rsa_key.pem>
Signed-off-by: Jimmy Zhang <jimmzhang@nvidia.com>
Signed-off-by: Stephen Warren <swarren@nvidia.com>
This feature is needed in case an image is updated at later stage
after bootimage has been created.
How to use:
Add keyword "RehashBl" to configuration file, for example, update.cfg:
RehashBl;
Invoke cbootimage to re-calculate bootloader aes hash, for example, for
bootimage bootloader.bin:
$ cbootimage -s tegra210 --update update.cfg bootloader.bin bootloader.bin-resigned
Where bootloader.bin-resigned is the resigned bootimage bootloader.bin
Signed-off-by: Jimmy Zhang <jimmzhang@nvidia.com>
Signed-off-by: Stephen Warren <swarren@nvidia.com>
Add support to dump rsa pubkey, bct's rsa-pss signature and
bootloader's rsa-pss signature.
Signed-off-by: Jimmy Zhang <jimmzhang@nvidia.com>
Signed-off-by: Stephen Warren <swarren@nvidia.com>
Create new configuration keywords:
RsaKeyModulusFile: pubkey modulus
RsaPssSigBlFile: bootloader rsa pss signature
RsaPssSigBctFile: bct rsa pss signature
Sample Configuration file update_bl_sig.cfg
RsaKeyModulusFile = pubkey.mod;
RsaPssSigBlFile = bl.sig;
where pubkey.mod and bl.sig are files that contain the public key
modulus and bootloader's rsa-pss signature respectively.
public key modulus and signature are created through utilities
outside cbootimage.
Command line example:
$ cbootimage -s tegra210 -u update_bl_sig.cfg image.bin image.bin-bl-signed
Above three new keywords added in this CL are only implemented to support
for T210.
Signed-off-by: Jimmy Zhang <jimmzhang@nvidia.com>
Signed-off-by: Stephen Warren <swarren@nvidia.com>
Add generated and temporary files to .gitignore rules to prevent them from
cluttering up git status or being accidently committed.
Signed-off-by: Allen Martin <amartin@nvidia.com>
Signed-off-by: Stephen Warren <swarren@nvidia.com>
Since option "-t" is still fully supported, correct the
help messages.
Signed-off-by: Jimmy Zhang <jimmzhang@nvidia.com>
Signed-off-by: Stephen Warren <swarren@nvidia.com>
This patch adds support for Tegra210. The command option is
--soc tegra210 or -s tegra210
T210 specific files are added under src/t210 directory.
Main changes from earlier soc are many new fileds are added to
structure nvboot_sdram_params and the number of boot devices
that can be defined within bct is reduced from 4 to 1.
Signed-off-by: Jimmy Zhang <jimmzhang@nvidia.com>
Tested-by: Thierry Reding <treding@nvidia.com>
Signed-off-by: Stephen Warren <swarren@nvidia.com>
Add 'b' (binary) flag when using fopen to open a binary file.
This keeps Windows from expanding \n to \r\n and interpreting
<ctrl>z as end of file. The change is to support a Windows
hosted coreboot build environment.
Signed-off-by: Scott Duplichan <scott@notabs.org>
Signed-off-by: Stephen Warren <swarren@nvidia.com>
This could silently fail which leads to surprising behaviour.
Found-by: Coverity Scan
Signed-off-by: Patrick Georgi <patrick@georgi-clan.de>
Signed-off-by: Thierry Reding <treding@nvidia.com>
fread could return only a partial result
(eg. NVBOOT_CONFIG_TABLE_SIZE_MAX - 1 bytes),
which right now would be accepted and only
resolved by later code.
Found-by: Coverity Scan
Signed-off-by: Patrick Georgi <patrick@georgi-clan.de>
Signed-off-by: Stephen Warren <swarren@nvidia.com>
- free empty_blk if it's allocated and there's an error
- only free empty_blk if it's non-NULL. While POSIX
requests such free()s to be safe, some implementations
(eg Solaris) aren't compliant.
Found-by: Coverity Scan
Signed-off-by: Patrick Georgi <patrick@georgi-clan.de>
Signed-off-by: Stephen Warren <swarren@nvidia.com>
Testing for e == 0 after exiting the function in any other
case a couple of lines earlier is useless.
Found-by: Coverity Scan
Signed-off-by: Patrick Georgi <patrick@georgi-clan.de>
Signed-off-by: Stephen Warren <swarren@nvidia.com>
There is no C++ code to be compiled in the repository.
Signed-off-by: Patrick Georgi <patrick@georgi-clan.de>
Signed-off-by: Stephen Warren <swarren@nvidia.com>
This patch adds support for Tegra132. This are only slight
differences between Tegra124 and Tegra132. The command line
usage is exactly the same as other platforms like Tegra124.
The structure nvboot_mts_info is added into the bct for Tegra132.
So the bootrom and first stage bootloader know where to load the
preboot and mts images. Two parse items "Mts=" and "MtsPreboot="
are added to embedded MTS images in BCT image like what we do for
bootloader. The syntax is also the same. For example:
MtsPreboot = <preboot_image>,<load_address>,<entry_address>,Complete;
Mts = <mts_image>,<load_address>,<entry_address>,Complete;
The load and entry addresses depned on your board design.
Four files are added in src/t132:
nvbctlib_t132.c - is cloned from nvbctlib_t124.c and adds mts
information getter and setter.
nvboot_bct_t132.h - adds mts structure into bct
nvboot_sdram_param_t132.h - clone of nvboot_sdram_param_t124.h
parse_t132.c - clone of parse_t124.c
Signed-off-by: Vince Hsu <vinceh@nvidia.com>
Acked-by: Allen Martin <amartin@nvidia.com>
Also update the next_bct_blk. Then we have the correct pointer
to the next block for the next image write.
Signed-off-by: Vince Hsu <vinceh@nvidia.com>
Acked-by: Allen Martin <amartin@nvidia.com>
Create a release that includes support for JTAG control, chip UUID, and
the ability to update an existing image.
Signed-off-by: Stephen Warren <swarren@nvidia.com>
This feature reads the BCT data from BCT or BCT with bootloader
appended binary, updates the BCT data based on config file, then
writes to new image file.
Signed-off-by: Penny Chiu <pchiu@nvidia.com>
Signed-off-by: Stephen Warren <swarren@nvidia.com>
Add support for read secure_jtag_control and unique_chip_id from
cfg file and write them into BCT structure, and bct_dump can also
parse the two fields and show the data.
Signed-off-by: Penny Chiu <pchiu@nvidia.com>
Signed-off-by: Stephen Warren <swarren@nvidia.com>
Change to use block_size and page_size tokens instead of
block_size_log2 and page_size_log2 tokens when dump BCT
data.
Signed-off-by: Penny Chiu <pchiu@nvidia.com>
Signed-off-by: Stephen Warren <swarren@nvidia.com>
Add a function called token_supported in cbootimage_soc_config.
It is used to check if the input token is supported in specific
tegra soc.
Signed-off-by: Penny Chiu <pchiu@nvidia.com>
Signed-off-by: Stephen Warren <swarren@nvidia.com>
This change uses void * as input data type for
cbootimage_soc_config.get/set_value and context_set_value functions.
This makes the functions can accept various data types based on
different tokens.
Signed-off-by: Penny Chiu <pchiu@nvidia.com>
Signed-off-by: Stephen Warren <swarren@nvidia.com>
The valid page_size value should be a power of two, so add this
check when setting page_size value.
Signed-off-by: Penny Chiu <pchiu@nvidia.com>
Signed-off-by: Stephen Warren <swarren@nvidia.com>
Add a new field to the value_data table, which is the function to
use to format the data value.
Signed-off-by: Penny Chiu <pchiu@nvidia.com>
Signed-off-by: Stephen Warren <swarren@nvidia.com>
Implement command-line option "-s tegra20" and "--soc tegra20". These
mirror the existing -t/--tegra option, but require the full chip name
(tegra20) rather than an abbreviated name (-t20). This is more consistent
with just about everything else upstream.
Suggested-by: Thierry Reding <treding@nvidia.com>
Signed-off-by: Stephen Warren <swarren@nvidia.com>
Reviewed-by: Thierry Reding <treding@nvidia.com>
Add the Tegra124 chip support to cbootimage. User can use "-t124" as
option to parse .cfg and generate BCT/image for Tegra124.
Signed-off-by: Penny Chiu <pchiu@nvidia.com>
[swarren, modified change to usage() to avoid re-indenting it all]
Signed-off-by: Stephen Warren <swarren@nvidia.com>
In real-world use-cases, hashing zero-length data likely never happens.
However, it is relevant when testing cbootimage with a dummy zero-length
bootloader binary, e.g.:
touch u-boot.bin
cbootimage -t30 ../tamonten-ng/tegra30.img.cfg tegra30-tec-ng.img
In this scenario, it's useful to create a consistent hash, so that one
can compare the resultant images before and after applying patches, to
check for regressions.
Hence, zero out the hash data so it has consistent content if it isn't
written to.
Signed-off-by: Stephen Warren <swarren@nvidia.com>
Reviewed-by: Thierry Reding <treding@nvidia.com>
Using "$@" (rather than #@) quotes any arguments if required. This is
useful if you want to run ./autogen.sh CFLAGS="-ggdb -O0".
Signed-off-by: Stephen Warren <swarren@nvidia.com>
Reviewed-by: Thierry Reding <treding@nvidia.com>
The SoC specific code is in subdirectories which leads to warnings in
newer
automake versions. The option subdir-objects prevents those warnings.
Signed-off-by: Stefan Agner <stefan@agner.ch>
Reviewed-by: Thierry Reding <thierry.reding@gmail.com>
Signed-off-by: Stephen Warren <swarren@nvidia.com>
This moves an assert down if only "-h" and not SOC is given on the
command line.
Signed-off-by: Marc Dietrich <marvin24@gmx.de>
Signed-off-by: Stephen Warren <swarren@nvidia.com>
Remove previous hardcoded GNUmakefile and replace with autoconf/automake
generated configure script and Makefile.
Signed-off-by: Allen Martin <amartin@nvidia.com>
Change-Id: I48d3f6f20423109dc662418b92900876a8f8d1da
Reviewed-on: http://git-master/r/217547
Reviewed-by: Automatic_Commit_Validation_User
Reviewed-by: Stephen Warren <swarren@nvidia.com>
Tested-by: Stephen Warren <swarren@nvidia.com>
This is in preparation of switching to autotools, add explicit #includes
for header files where there was an implicit dependency.
Signed-off-by: Allen Martin <amartin@nvidia.com>
Change-Id: I8ca5832638ac7043f2b4e687c52bbe6e0a755eef
Reviewed-on: http://git-master/r/217546
Reviewed-by: Automatic_Commit_Validation_User
Reviewed-by: Stephen Warren <swarren@nvidia.com>
Tested-by: Stephen Warren <swarren@nvidia.com>
This is in preparation for adding autotools support to help separate the source
code from the build support files.
Signed-off-by: Allen Martin <amartin@nvidia.com>
Change-Id: I128c258db7bbf2c1adf34fbaad188ea7678b79ff
Reviewed-on: http://git-master/r/217545
Reviewed-by: Automatic_Commit_Validation_User
Reviewed-by: Stephen Warren <swarren@nvidia.com>
Tested-by: Stephen Warren <swarren@nvidia.com>
This adds an install target to the Makefile. cbootimage and bct_dump
are installed to /usr/bin.
Signed-off-by: Marc Dietrich <marvin24@gmx.de>
Signed-off-by: Stephen Warren <swarren@nvidia.com>
Change-Id: Ib4aba674a7ca206d5de998c649b65772312d510c
Reviewed-on: http://git-master/r/200182
Reviewed-by: Allen Martin <amartin@nvidia.com>
Reviewed-by: Rhyland Klein <rklein@nvidia.com>
Reviewed-by: Automatic_Commit_Validation_User
fgetc() returns an int. Fix process_config_file() to store the result in
an int, so that comparisons against EOF succeed.
Previously, If "char" defaulted to unsigned (which may be true for armhf),
then when fgetc() returned -1, it would be truncated to 255 when stored
in the char, and then zero-filled rather than sign-extended when comparing
against EOF, which would then fail.
See http://code.google.com/p/chromium-os/issues/detail?id=25632.
Reported-by: Paul Fertser <fercerpav@gmail.com>
Signed-off-by: Stephen Warren <swarren@nvidia.com>
Change-Id: I018e32df9a87b7c6f9fe24d108e091a7b31a50c8
Reviewed-on: http://git-master/r/192151
Reviewed-by: Automatic_Commit_Validation_User
Reviewed-by: Allen Martin <amartin@nvidia.com>
Add the Tegra114 chip support to cbootimage. User can use "-t114" as
option to parse .cfg and generate BCT/image for Tegra114.
Change-Id: I02bd3f633afccd2c9c0b01d43ed4660fa4b82ae0
Signed-off-by: Penny Chiu <pchiu@nvidia.com>
Reviewed-on: http://git-master/r/169619
Reviewed-by: Automatic_Commit_Validation_User
Reviewed-by: Rhyland Klein <rklein@nvidia.com>
Reviewed-by: Stephen Warren <swarren@nvidia.com>
