Diffstat (limited to 'include')
-rw-r--r-- | include/asm-generic/errno.h | 5 | ||||
-rw-r--r-- | include/boot.h | 28 | ||||
-rw-r--r-- | include/digest.h | 23 | ||||
-rw-r--r-- | include/hab.h (renamed from include/habv4.h) | 18 | ||||
-rw-r--r-- | include/image-fit.h | 45 | ||||
-rw-r--r-- | include/rsa.h | 54 |
6 files changed, 166 insertions, 7 deletions
diff --git a/include/asm-generic/errno.h b/include/asm-generic/errno.h
index 6072f7b605..7d99a95370 100644
--- a/include/asm-generic/errno.h
+++ b/include/asm-generic/errno.h
@@ -126,6 +126,11 @@
 #define ENOMEDIUM 123 /* No medium found */
 #define EMEDIUMTYPE 124 /* Wrong medium type */
+#define ECANCELED 125 /* Operation Canceled */
+#define ENOKEY 126 /* Required key not available */
+#define EKEYEXPIRED 127 /* Key has expired */
+#define EKEYREVOKED 128 /* Key has been revoked */
+#define EKEYREJECTED 129 /* Key was rejected by service */
 /* Should never be seen by user programs */
 #define ERESTARTSYS 512
diff --git a/include/boot.h b/include/boot.h
index bdd5477d35..0198cc8826 100644
--- a/include/boot.h
+++ b/include/boot.h
@@ -7,12 +7,18 @@
 #include <linux/list.h>
 #include <environment.h>
+enum bootm_verify {
+ BOOTM_VERIFY_NONE,
+ BOOTM_VERIFY_HASH,
+ BOOTM_VERIFY_SIGNATURE,
+};
+
 struct bootm_data {
 const char *os_file;
 const char *initrd_file;
 const char *oftree_file;
 int verbose;
- bool verify;
+ enum bootm_verify verify;
 bool force;
 bool dryrun;
 unsigned long initrd_address;
@@ -28,7 +34,11 @@ struct image_data {
 /* if os is an uImage this will be provided */
 struct uimage_handle *os;
- int os_num;
+
+ /* if os is a FIT image this will be provided */
+ struct fit_handle *os_fit;
+
+ char *os_part;
 /* otherwise only the filename will be provided */
 char *os_file;
@@ -49,7 +59,7 @@ struct image_data {
 /* if initrd is an uImage this will be provided */
 struct uimage_handle *initrd;
- int initrd_num;
+ char *initrd_part;
 /* otherwise only the filename will be provided */
 char *initrd_file;
@@ -57,13 +67,13 @@ struct image_data {
 unsigned long initrd_address;
 char *oftree_file;
- int oftree_num;
+ char *oftree_part;
 struct device_node *of_root_node;
 struct fdt_header *oftree;
 struct resource *oftree_res;
- int verify;
+ enum bootm_verify verify;
 int verbose;
 int force;
 int dryrun;
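Review bot: `BOOTM_VERIFY_NONE` is the first enumerator of the new `enum bootm_verify` in the first include/boot.h hunk, so its value is 0 and a zero-initialised `struct bootm_data` requests no verification at all. The old `bool verify` had the same zero default, but the field now also selects signature checking, so the fail-open default should be stated on the enum, for example `/* order matters: a zeroed struct bootm_data selects BOOTM_VERIFY_NONE */`. Callers that still test the field as a boolean, `if (data->verify)`, would treat HASH and SIGNATURE alike; those callers are not visible here and should be checked. The same enum replaces `int verify` in `struct image_data` in the last include/boot.h hunk on this line, and both structs continue outside their hunks.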
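Review bot: The new `char *os_part` member in the `@@ -28,7 +34,11 @@` hunk has no comment, unlike the members around it, and replacing `int os_num` with a string leaves open what the string may contain and who frees it. A one-line comment such as `/* sub-image selector within os / os_fit; NULL if unset (TODO: state who frees it) */` would settle that, with the wording confirmed against the code that fills the field. The same applies to `initrd_part` and `oftree_part` in the two hunks that follow. `struct image_data` starts and ends outside these hunks.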
@@ -109,9 +119,17 @@ static inline int linux_bootargs_overwrite(const char *bootargs)
 }
 #endif
+void bootm_data_init_defaults(struct bootm_data *data);
+
 int bootm_load_os(struct image_data *data, unsigned long load_address);
+
+bool bootm_has_initrd(struct image_data *data);
 int bootm_load_initrd(struct image_data *data, unsigned long load_address);
+
 int bootm_load_devicetree(struct image_data *data, unsigned long load_address);
+int bootm_get_os_size(struct image_data *data);
+
+enum bootm_verify bootm_get_verify_mode(void);
 #define UIMAGE_SOME_ADDRESS (UIMAGE_INVALID_ADDRESS - 1)
diff --git a/include/digest.h b/include/digest.h
index 3a9d305963..fe30cc27e0 100644
--- a/include/digest.h
+++ b/include/digest.h
@@ -23,12 +23,34 @@
 struct digest;
+enum hash_algo {
+ HASH_ALGO_MD4,
+ HASH_ALGO_MD5,
+ HASH_ALGO_SHA1,
+ HASH_ALGO_RIPE_MD_160,
+ HASH_ALGO_SHA224,
+ HASH_ALGO_SHA256,
+ HASH_ALGO_SHA384,
+ HASH_ALGO_SHA512,
+ HASH_ALGO_RIPE_MD_128,
+ HASH_ALGO_RIPE_MD_256,
+ HASH_ALGO_RIPE_MD_320,
+ HASH_ALGO_WP_256,
+ HASH_ALGO_WP_384,
+ HASH_ALGO_WP_512,
+ HASH_ALGO_TGR_128,
+ HASH_ALGO_TGR_160,
+ HASH_ALGO_TGR_192,
+ HASH_ALGO__LAST
+};
+
 struct crypto_alg {
 char *name;
 char *driver_name;
 int priority;
 #define DIGEST_ALGO_NEED_KEY (1 << 0)
 unsigned int flags;
+ enum hash_algo algo;
 };
 struct digest_algo {
@@ -65,6 +87,7 @@ void digest_algo_unregister(struct digest_algo *d);
 void digest_algo_prints(const char *prefix);
 struct digest *digest_alloc(const char *name);
+struct digest *digest_alloc_by_algo(enum hash_algo);
 void digest_free(struct digest *d);
 int digest_file_window(struct digest *d, const char *filename,
diff --git a/include/habv4.h b/include/hab.h
index f9bf74f3b9..818d7ca1c5 100644
--- a/include/habv4.h
+++ b/include/hab.h
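Review bot: `bootm_get_os_size()` is declared to return `int`, while the image sizes added elsewhere in this commit are `unsigned long` (`kernel_size` in include/image-fit.h). If negative values signal errors here, as the neighbouring `int bootm_load_*()` prototypes suggest, a size above INT_MAX would be indistinguishable from a failure. The limit should at least be documented next to the prototype, e.g. `/* returns the OS image size in bytes, or a negative error code; images larger than INT_MAX are not supported */`, once confirmed against the implementation. The other new prototypes are also uncommented. `bootm_get_verify_mode()` in particular should say whether it returns a default or a minimum that `bootm_data.verify` cannot go below.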
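Review bot: `HASH_ALGO_MD4` is enumerator 0 of the new `enum hash_algo` in include/digest.h, so any existing `struct crypto_alg` initialiser that is not updated to set the new `.algo` member will identify itself as MD4. If `digest_alloc_by_algo()` matches on that member (its implementation is not part of this diff), a lookup could return an unrelated digest, and an algorithm outside the list has no valid value to use. A comment above the enum such as `/* 0 is HASH_ALGO_MD4, not "unset": every registered crypto_alg must set .algo explicitly */` would make the trap visible, and registration is the natural place to check for it. `struct crypto_alg` is complete in the hunk; `struct digest_algo` continues outside it.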
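Review bot: The new prototype `digest_alloc_by_algo(enum hash_algo)` omits its parameter name, unlike `digest_alloc(const char *name)` on the line above it; `struct digest *digest_alloc_by_algo(enum hash_algo algo);` would be consistent. A one-line comment saying what is returned when no implementation is registered for the requested algorithm would help callers on the signature-verification path, since that behaviour cannot be seen from the header.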
@@ -19,9 +19,23 @@
 #define __HABV4_H
 #ifdef CONFIG_HABV4
-int habv4_get_status(void);
+int imx28_hab_get_status(void);
+int imx6_hab_get_status(void);
 #else
-static inline int habv4_get_status(void)
+static inline int imx28_hab_get_status(void)
+{
+ return -EPERM;
+}
+static inline int imx6_hab_get_status(void)
+{
+ return -EPERM;
+}
+#endif
+
+#ifdef CONFIG_HABV3
+int imx25_hab_get_status(void);
+#else
+static inline int imx25_hab_get_status(void)
 {
 return -EPERM;
 }
diff --git a/include/image-fit.h b/include/image-fit.h
new file mode 100644
index 0000000000..c9d6911a97
--- /dev/null
+++ b/include/image-fit.h
@@ -0,0 +1,45 @@
+/*
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ *
+ * Copyright (C) Jan Lübbe, 2014
+ */
+
+#ifndef __IMAGE_FIT_H__
+#define __IMAGE_FIT_H__
+
+#include <linux/types.h>
+#include <boot.h>
+
+struct fit_handle {
+ void *fit;
+ size_t size;
+
+ bool verbose;
+ enum bootm_verify verify;
+
+ struct device_node *root;
+
+ const void *kernel;
+ unsigned long kernel_size;
+ const void *oftree;
+ unsigned long oftree_size;
+ const void *initrd;
+ unsigned long initrd_size;
+};
+
+struct fit_handle *fit_open(const char *filename, const char *config, bool verbose,
+ enum bootm_verify verify);
+void fit_close(struct fit_handle *handle);
+
+#endif /* __IMAGE_FIT_H__ */
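Review bot: The include guard shown as context at the top of the hunk is still `__HABV4_H`, although the file is renamed to include/hab.h and now also declares the HABv3 `imx25_hab_get_status()`; `__HAB_H` would match the new scope (the `#ifndef` line is above the hunk). The three `static inline` stubs return `-EPERM`, so a build without CONFIG_HABV4 or CONFIG_HABV3 reports an error rather than a good status. The header does not say what a zero or non-zero return means, so I would add `/* returns 0 if HAB reports no failure events, negative error code otherwise */` above the declarations, once confirmed against the drivers. Whether `<errno.h>` is included for `EPERM` cannot be seen from here, and the final `#endif` lines are below the hunk.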
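Review bot: `fit_open()` and `struct fit_handle` in the new include/image-fit.h carry no comment on the contract that matters for verified boot. It is not stated how failure is reported (NULL or an error pointer), nor whether `kernel`, `oftree` and `initrd` are set only after the checks selected by `verify` have passed. Those three members are `const void *` next to `void *fit`, which suggests they point into the `fit` buffer and become invalid at `fit_close()`; if so, that lifetime should be stated on the struct. I would add a kernel-doc block above `fit_open()` covering the parameters, the failure return and the verification guarantee. The per-image sizes are `unsigned long` while `size` is `size_t`; using one type would avoid silent conversions.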
diff --git a/include/rsa.h b/include/rsa.h
new file mode 100644
index 0000000000..feb8c31200
--- /dev/null
+++ b/include/rsa.h
@@ -0,0 +1,54 @@
+/*
+ * Copyright (c) 2013, Google Inc.
+ *
+ * (C) Copyright 2008 Semihalf
+ *
+ * (C) Copyright 2000-2006
+ * Wolfgang Denk, DENX Software Engineering, wd@denx.de.
+ *
+ * SPDX-License-Identifier: GPL-2.0+
+ */
+
+#ifndef _RSA_H
+#define _RSA_H
+
+#include <errno.h>
+#include <digest.h>
+
+/**
+ * struct rsa_public_key - holder for a public key
+ *
+ * An RSA public key consists of a modulus (typically called N), the inverse
+ * and R^2, where R is 2^(# key bits).
+ */
+
+struct rsa_public_key {
+ uint len; /* len of modulus[] in number of uint32_t */
+ uint32_t n0inv; /* -1 / modulus[0] mod 2^32 */
+ uint32_t *modulus; /* modulus as little endian array */
+ uint32_t *rr; /* R^2 as little endian array */
+ uint64_t exponent; /* public exponent */
+};
+
+/**
+ * rsa_verify() - Verify a signature against some data
+ *
+ * Verify a RSA PKCS1.5 signature against an expected hash.
+ *
+ * @info: Specifies key and FIT information
+ * @data: Pointer to the input data
+ * @data_len: Data length
+ * @sig: Signature
+ * @sig_len: Number of bytes in signature
+ * @return 0 if verified, -ve on error
+ */
+int rsa_verify(const struct rsa_public_key *key, const uint8_t *sig,
+ const uint32_t sig_len, const uint8_t *hash,
+ enum hash_algo algo);
+
+/* This is the maximum signature length that we support, in bits */
+#define RSA_MAX_SIG_BITS 4096
+
+int rsa_of_read_key(struct device_node *node, struct rsa_public_key *key);
+
+#endif |
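Review bot: The kernel-doc block above `rsa_verify()` in the new include/rsa.h documents `@info`, `@data` and `@data_len`, none of which exist in the prototype, and leaves `@key`, `@hash` and `@algo` undescribed. Because `hash` is passed without a length, the doc should say that the buffer must hold a full digest of `algo`, e.g. `@hash: digest of the signed data; must be digest-size bytes for @algo`. `@sig_len` should likewise be tied to the key size and `RSA_MAX_SIG_BITS`. `enum hash_algo` in include/digest.h includes MD4, MD5 and SHA-1; the header cannot show whether `rsa_verify()` accepts them, so the doc should state which algorithms are permitted for signatures. `rsa_of_read_key()` has no comment at all and should state its return convention and who owns the `modulus` and `rr` arrays it presumably allocates.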