Free the buffer after a read error to prevent a memory leak. This was
flagged by a Coverity scan of the coreboot project, which uses
cbootimage.
Signed-off-by: Jacob Garber <jgarber1@ualberta.ca>
Signed-off-by: Stephen Warren <swarren@nvidia.com>
cbootimage doesn't have extensive error-checking of the input files. Thus
it's easy to trigger aborts (which in turn segfault to exit the app) and
bad memory accesses by providing under-sized binary input files or
configuration files with missing required statements. Add a bit more
error-checking to clean up some of these cases. No doubt there are more,
but this change only fixes those that have been reported.
Signed-off-by: Stephen Warren <swarren@nvidia.com>
Reviewed-by: Thierry Reding <treding@nvidia.com>
This release:
- Allows paths that contain the '@' character.
- Fixes a crash in bct_dump on devices without RSA support.
- Enhances sign.sh to support T124 and to sign the BCT.
- Includes some internal code cleanup.
Signed-off-by: Stephen Warren <swarren@nvidia.com>
The u_intXX_t types are implementation-specific and not part of a
standard. As an example, they are not provided by the musl C library.
Therefore, this commit switches cbootimage to use the C99 uintXX_t
types. This commit has been produced by:
1. Running:
find . -name '*.[ch]' | xargs sed -i 's%u_int\([0-9]*\)_t%uint\1_t%g'
2. Adding a #include <stdint.h> in cbootimage.h
The result has been compile tested with the musl C library.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(swarren, validated "objdump -d cbootimage" is identical before/after)
Signed-off-by: Stephen Warren <swarren@nvidia.com>
format_rsa_param() currently crashes on chips that don't implement
soc_config->get_value_size(); that is, on all chips before T124. Fix the
function not to crash. Better might be to avoid even dumping RSA
parameters on chips which don't support RSA, but that's a larger change
that needs much more work.
Fixes: 3c3b992a68 ("Add support to dump rsa related fields for t210")
Cc: Jimmy Zhang <jimmzhang@nvidia.com>
Signed-off-by: Stephen Warren <swarren@nvidia.com>
1. Use parameter <soc> to specify boot image type, i.e., tegra124, tegra210.
Previously sign.sh could only sign for tegra210 boot image.
2. Automatically generate signed bct, i.e., tegra124.bct, tegra210.bct.
A signed bct is needed when flashing target.
Command syntax:
$ ./sign.sh <soc> <bootimage> <rsa_key>
Example:
$ ./sign.sh tegra124 t124.img rsa_priv.pem
Signed-off-by: Jimmy Zhang <jimmzhang@nvidia.com>
Signed-off-by: Stephen Warren <swarren@nvidia.com>
This release:
- Ports RSA signature field operations to T124.
- Fixes some error handling.
- Fixes image update with small image file sizes.
Signed-off-by: Stephen Warren <swarren@nvidia.com>
The BCT size check assumes a quite large image; however, if the image
doesn't contain a bootloader it won't be that large. Change the size
check to only read the minimum data needed to verify the BCT version
and get the size.
Signed-off-by: Alban Bedel <alban.bedel@avionic-design.de>
--
Changelog:
v2: * Add a comment to explain the value of NVBOOT_CONFIG_TABLE_SIZE_MIN
v3: * Only read the minimum data needed
Signed-off-by: Stephen Warren <swarren@nvidia.com>
get_bct_size_from_image() and read_bct_file() should return negative
error codes, so add the missing minus signs. Also fix the return value
check on get_bct_size_from_image(); a negative value indicates an error,
not zero.
Signed-off-by: Alban Bedel <alban.bedel@avionic-design.de>
Signed-off-by: Stephen Warren <swarren@nvidia.com>
This allows creating and reading signed images for secure boot on t124.
Signed-off-by: Alban Bedel <alban.bedel@avionic-design.de>
Signed-off-by: Stephen Warren <swarren@nvidia.com>
Create a release that adds rsa-pss signature support. Currently
it has only been tested on T210.
Signed-off-by: Jimmy Zhang <jimmzhang@nvidia.com>
Signed-off-by: Stephen Warren <swarren@nvidia.com>
sign.sh runs openssl and other linux utilities to generate rsa-pss
signatures for a prebuilt bootimage and then uses cbootimage option
--update to update bootimage's rsa signatures and rsa modulus.
Syntax: sign.sh <bootimage> <rsa_key.pem>
Signed-off-by: Jimmy Zhang <jimmzhang@nvidia.com>
Signed-off-by: Stephen Warren <swarren@nvidia.com>
This feature is needed in case an image is updated at later stage
after bootimage has been created.
How to use:
Add keyword "RehashBl" to configuration file, for example, update.cfg:
RehashBl;
Invoke cbootimage to re-calculate bootloader aes hash, for example, for
bootimage bootloader.bin:
$ cbootimage -s tegra210 --update update.cfg bootloader.bin bootloader.bin-resigned
Where bootloader.bin-resigned is the resigned bootimage bootloader.bin
Signed-off-by: Jimmy Zhang <jimmzhang@nvidia.com>
Signed-off-by: Stephen Warren <swarren@nvidia.com>
Add support to dump rsa pubkey, bct's rsa-pss signature and
bootloader's rsa-pss signature.
Signed-off-by: Jimmy Zhang <jimmzhang@nvidia.com>
Signed-off-by: Stephen Warren <swarren@nvidia.com>
Create new configuration keywords:
RsaKeyModulusFile: pubkey modulus
RsaPssSigBlFile: bootloader rsa pss signature
RsaPssSigBctFile: bct rsa pss signature
Sample Configuration file update_bl_sig.cfg
RsaKeyModulusFile = pubkey.mod;
RsaPssSigBlFile = bl.sig;
where pubkey.mod and bl.sig are files that contain the public key
modulus and bootloader's rsa-pss signature respectively.
public key modulus and signature are created through utilities
outside cbootimage.
Command line example:
$ cbootimage -s tegra210 -u update_bl_sig.cfg image.bin image.bin-bl-signed
The above three new keywords added in this CL are only implemented to
support T210.
Signed-off-by: Jimmy Zhang <jimmzhang@nvidia.com>
Signed-off-by: Stephen Warren <swarren@nvidia.com>
Add generated and temporary files to .gitignore rules to prevent them from
cluttering up git status or being accidentally committed.
Signed-off-by: Allen Martin <amartin@nvidia.com>
Signed-off-by: Stephen Warren <swarren@nvidia.com>
Since option "-t" is still fully supported, correct the
help messages.
Signed-off-by: Jimmy Zhang <jimmzhang@nvidia.com>
Signed-off-by: Stephen Warren <swarren@nvidia.com>
This patch adds support for Tegra210. The command option is
--soc tegra210 or -s tegra210
T210 specific files are added under src/t210 directory.
Main changes from earlier soc are many new fields are added to
structure nvboot_sdram_params and the number of boot devices
that can be defined within bct is reduced from 4 to 1.
Signed-off-by: Jimmy Zhang <jimmzhang@nvidia.com>
Tested-by: Thierry Reding <treding@nvidia.com>
Signed-off-by: Stephen Warren <swarren@nvidia.com>
Add 'b' (binary) flag when using fopen to open a binary file.
This keeps Windows from expanding \n to \r\n and interpreting
<ctrl>z as end of file. The change is to support a Windows
hosted coreboot build environment.
Signed-off-by: Scott Duplichan <scott@notabs.org>
Signed-off-by: Stephen Warren <swarren@nvidia.com>
This could silently fail which leads to surprising behaviour.
Found-by: Coverity Scan
Signed-off-by: Patrick Georgi <patrick@georgi-clan.de>
Signed-off-by: Thierry Reding <treding@nvidia.com>
fread could return only a partial result
(eg. NVBOOT_CONFIG_TABLE_SIZE_MAX - 1 bytes),
which right now would be accepted and only
resolved by later code.
Found-by: Coverity Scan
Signed-off-by: Patrick Georgi <patrick@georgi-clan.de>
Signed-off-by: Stephen Warren <swarren@nvidia.com>
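The short-read and free-on-error fixes described in this log, sketched as an added example (not cbootimage's own code): the hypothetical helper read_exact() treats any fread() result shorter than requested as an error, frees the buffer on that path, and returns a negative errno value. demo_read() and the temp-file contents are constructed for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper (not from cbootimage): read exactly `want` bytes.
 * Returns 0 and hands the buffer to the caller, or a negative errno value
 * with nothing left allocated. */
static int read_exact(FILE *fp, size_t want, uint8_t **out)
{
    uint8_t *buf;

    *out = NULL;
    if (want == 0)
        return -EINVAL;
    buf = malloc(want);
    if (buf == NULL)
        return -ENOMEM;
    /* fread() may return fewer bytes than requested on a truncated file;
     * accepting that would leave the tail of buf uninitialised. */
    if (fread(buf, 1, want, fp) != want) {
        free(buf);              /* error path must not leak the buffer */
        return -EIO;
    }
    *out = buf;
    return 0;
}

/* Constructed input: a temp file of file_len bytes, read back as `want`. */
static int demo_read(size_t file_len, size_t want)
{
    FILE *fp = tmpfile();
    uint8_t *buf = NULL;
    size_t i;
    int err;

    if (fp == NULL)
        return -ENOENT;
    for (i = 0; i < file_len; i++)
        fputc((int)(i & 0xff), fp);
    rewind(fp);
    err = read_exact(fp, want, &buf);
    free(buf);                  /* buf is only set when read_exact() succeeded */
    fclose(fp);
    return err;
}

int main(void)
{
    printf("full=%d short=%d\n", demo_read(16, 16), demo_read(15, 16));
    return 0;
}
```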
- free empty_blk if it's allocated and there's an error
- only free empty_blk if it's non-NULL. While POSIX
requests such free()s to be safe, some implementations
(eg Solaris) aren't compliant.
Found-by: Coverity Scan
Signed-off-by: Patrick Georgi <patrick@georgi-clan.de>
Signed-off-by: Stephen Warren <swarren@nvidia.com>
Testing for e == 0 after exiting the function in any other
case a couple of lines earlier is useless.
Found-by: Coverity Scan
Signed-off-by: Patrick Georgi <patrick@georgi-clan.de>
Signed-off-by: Stephen Warren <swarren@nvidia.com>
There is no C++ code to be compiled in the repository.
Signed-off-by: Patrick Georgi <patrick@georgi-clan.de>
Signed-off-by: Stephen Warren <swarren@nvidia.com>
This patch adds support for Tegra132. There are only slight
differences between Tegra124 and Tegra132. The command line
usage is exactly the same as other platforms like Tegra124.
The structure nvboot_mts_info is added into the bct for Tegra132.
So the bootrom and first stage bootloader know where to load the
preboot and mts images. Two parse items "Mts=" and "MtsPreboot="
are added to embed MTS images in BCT image like what we do for
bootloader. The syntax is also the same. For example:
MtsPreboot = <preboot_image>,<load_address>,<entry_address>,Complete;
Mts = <mts_image>,<load_address>,<entry_address>,Complete;
The load and entry addresses depend on your board design.
Four files are added in src/t132:
nvbctlib_t132.c - is cloned from nvbctlib_t124.c and adds mts
information getter and setter.
nvboot_bct_t132.h - adds mts structure into bct
nvboot_sdram_param_t132.h - clone of nvboot_sdram_param_t124.h
parse_t132.c - clone of parse_t124.c
Signed-off-by: Vince Hsu <vinceh@nvidia.com>
Acked-by: Allen Martin <amartin@nvidia.com>
Also update the next_bct_blk. Then we have the correct pointer
to the next block for the next image write.
Signed-off-by: Vince Hsu <vinceh@nvidia.com>
Acked-by: Allen Martin <amartin@nvidia.com>
Create a release that includes support for JTAG control, chip UUID, and
the ability to update an existing image.
Signed-off-by: Stephen Warren <swarren@nvidia.com>
This feature reads the BCT data from BCT or BCT with bootloader
appended binary, updates the BCT data based on config file, then
writes to new image file.
Signed-off-by: Penny Chiu <pchiu@nvidia.com>
Signed-off-by: Stephen Warren <swarren@nvidia.com>
Add support for reading secure_jtag_control and unique_chip_id from
cfg file and writing them into BCT structure, and bct_dump can also
parse the two fields and show the data.
Signed-off-by: Penny Chiu <pchiu@nvidia.com>
Signed-off-by: Stephen Warren <swarren@nvidia.com>
Change to use block_size and page_size tokens instead of
block_size_log2 and page_size_log2 tokens when dumping BCT
data.
Signed-off-by: Penny Chiu <pchiu@nvidia.com>
Signed-off-by: Stephen Warren <swarren@nvidia.com>
Add a function called token_supported in cbootimage_soc_config.
It is used to check if the input token is supported in specific
tegra soc.
Signed-off-by: Penny Chiu <pchiu@nvidia.com>
Signed-off-by: Stephen Warren <swarren@nvidia.com>
This change uses void * as input data type for
cbootimage_soc_config.get/set_value and context_set_value functions.
This lets the functions accept various data types based on
different tokens.
Signed-off-by: Penny Chiu <pchiu@nvidia.com>
Signed-off-by: Stephen Warren <swarren@nvidia.com>
The valid page_size value should be a power of two, so add this
check when setting page_size value.
Signed-off-by: Penny Chiu <pchiu@nvidia.com>
Signed-off-by: Stephen Warren <swarren@nvidia.com>
Add a new field to the value_data table, which is the function to
use to format the data value.
Signed-off-by: Penny Chiu <pchiu@nvidia.com>
Signed-off-by: Stephen Warren <swarren@nvidia.com>
Implement command-line option "-s tegra20" and "--soc tegra20". These
mirror the existing -t/--tegra option, but require the full chip name
(tegra20) rather than an abbreviated name (-t20). This is more consistent
with just about everything else upstream.
Suggested-by: Thierry Reding <treding@nvidia.com>
Signed-off-by: Stephen Warren <swarren@nvidia.com>
Reviewed-by: Thierry Reding <treding@nvidia.com>
Add the Tegra124 chip support to cbootimage. User can use "-t124" as
option to parse .cfg and generate BCT/image for Tegra124.
Signed-off-by: Penny Chiu <pchiu@nvidia.com>
[swarren, modified change to usage() to avoid re-indenting it all]
Signed-off-by: Stephen Warren <swarren@nvidia.com>
In real-world use-cases, hashing zero-length data likely never happens.
However, it is relevant when testing cbootimage with a dummy zero-length
bootloader binary, e.g.:
touch u-boot.bin
cbootimage -t30 ../tamonten-ng/tegra30.img.cfg tegra30-tec-ng.img
In this scenario, it's useful to create a consistent hash, so that one
can compare the resultant images before and after applying patches, to
check for regressions.
Hence, zero out the hash data so it has consistent content if it isn't
written to.
Signed-off-by: Stephen Warren <swarren@nvidia.com>
Reviewed-by: Thierry Reding <treding@nvidia.com>
Using "$@" (rather than #@) quotes any arguments if required. This is
useful if you want to run ./autogen.sh CFLAGS="-ggdb -O0".
Signed-off-by: Stephen Warren <swarren@nvidia.com>
Reviewed-by: Thierry Reding <treding@nvidia.com>
The SoC specific code is in subdirectories which leads to warnings in
newer automake versions. The option subdir-objects prevents those warnings.
Signed-off-by: Stefan Agner <stefan@agner.ch>
Reviewed-by: Thierry Reding <thierry.reding@gmail.com>
Signed-off-by: Stephen Warren <swarren@nvidia.com>
This patch adds SpiFlashParams to generate/dump BCT for SPI flash.
Signed-off-by: Penny Chiu <pchiu@nvidia.com>
Acked-by: Allen Martin <amartin@nvidia.com>
Signed-off-by: Stephen Warren <swarren@nvidia.com>